file
* . Possible options are SSL_FILETYPE_ASN1,
* for DER-encoded certificates, or SSL_FILETYPE_PEM
* for PEM-encoded certificates.
* @return SSL_SUCCESS upon success,
* SSL_BAD_FILE upon bad input file,
* otherwise SSL_FAILURE. Possible failure
* causes may be that the file is in the wrong format, the
* format argument was given incorrectly, the file
* doesn't exist, can't be read, or is corrupted,
* an out of memory condition occurs, or the Base16
* decoding fails on the file.
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSLContext#useCertificateFile(String, int)
*/
public int useCertificateFile(String file, int format)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered useCertificateFile(" +
file + ", " + format + ")");
return useCertificateFile(this.sslPtr, file, format);
}
}
/**
* Loads a private key file into the SSL session object.
* This file is provided by the file parameter. The format
* paramenter specifies the format type of the file - either
* SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the
* wolfSSL examples for proper usage.
*
* @param file a file containing the private key to be loaded into
* the wolfSSL SSL session.
* @param format format of the private key pointed to by file
* . Possible options are SSL_FILETYPE_ASN1,
* for a DER-encoded key, or SSL_FILETYPE_PEM
* for a PEM-encoded key.
* @return SSL_SUCCESS upon success,
* SSL_BAD_FILE upon bad input file, otherwise
* SSL_FAILURE. Possible failure causes
* may be that the file is in the wrong format, the
* format argument was given incorrectly, the file
* doesn't exist, can't be read, or is corrupted,
* an out of memory condition occurs, the Base16
* decoding fails on the file, or the key file is
* encrypted but no password is provided.
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSLContext#usePrivateKeyFile(String, int)
*/
public int usePrivateKeyFile(String file, int format)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered usePrivateKeyFile(" +
file + ", " + format + ")");
return usePrivateKeyFile(this.sslPtr, file, format);
}
}
/**
* Loads a chain of certificates into the SSL session object.
* The file containing the certificate chain is provided by the file
* parameter and must contain PEM-formatted certificates. This function
* will process up to MAX_CHAIN_DEPTH (default = 9, defined
* in internal.h) certificates, plus the subject cert.
*
* @param file path to the file containing the chain of certificates
* to be loaded into the wolfSSL SSL session. Certificates
* must be in PEM format.
* @return SSL_SUCCESS on success,
* SSL_BAD_FILE upon bad input file, otherwise
* SSL_FAILURE. If the function call fails,
* possible causes might include: the file is in the wrong
* format, the file doesn't exist, can't be read, or is
* corrupted, or an out of memory condition occurs.
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSLContext#useCertificateFile(String, int)
* @see #useCertificateFile(String, int)
*/
public int useCertificateChainFile(String file)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useCertificateChainFile(" + file + ")");
return useCertificateChainFile(this.sslPtr, file);
}
}
/**
* Assigns a Socket file descriptor as the input/output facility for the
* SSL connection.
*
* @param sd Socket to be used as input/output facility.
* @return SSL_SUCCESS on success, otherwise
* SSL_FAILURE.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getFd()
*/
public int setFd(Socket sd) throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setFd(" + sd + ")");
ret = setFd(this.sslPtr, sd, 1);
if (ret == WolfSSL.SSL_SUCCESS) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "native fd set to: " +
getFd(this.sslPtr));
}
return ret;
}
}
/**
* Assigns a DatagramSocket file descriptor as the input/output facility
* for the SSL connection.
* This can be used when using DatagramSocket objects with DTLS.
*
* @param sd Socket to be used as input/output facility.
* @return SSL_SUCCESS on success, otherwise
* SSL_FAILURE.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getFd()
*/
public int setFd(DatagramSocket sd) throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setFd(" + sd + ")");
return setFd(this.sslPtr, sd, 2);
}
}
/**
* Informs wolfSSL session that the underlying I/O is non-blocking.
* After an application creates a SSL session (native WOLFSSL object),
* if it will be used with a non-blocking socket, this method should
* be called. This lets the SSL session know that receiving EWOULDBLOCK
* means that the recvfrom call would block rather than that it timed out.
*
* @param nonblock value used to set non-blocking flag on the SSL
* session. Use 1 to specify non-blocking,
* otherwise 0.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getUsingNonblock()
* @see #dtlsGotTimeout()
* @see #dtlsGetCurrentTimeout()
*/
public void setUsingNonblock(int nonblock)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setUsingNonblock(" +
nonblock + ")");
setUsingNonblock(this.sslPtr, nonblock);
}
}
/**
* Allows the application to determine if wolfSSL is using non-blocking
* I/O.
* After an application created an SSL session object, if it will be used
* with a non-blocking socket, call setUsingNonblock() on it.
* This lets the SSL session object know that receiving EWOULDBLOCK means
* that the recvfrom call would block rather than that it timed out.
*
* @return 1 if the underlying I/O is non-blocking, otherwise
* 0 if blocking.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setUsingNonblock(int)
* @see #setSession(long)
*/
public int getUsingNonblock()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getUsingNonblock()");
return getUsingNonblock(this.sslPtr);
}
}
/**
* Returns the file descriptor used as the input/output facility for the
* SSL connection.
* Typically this will be a socket file descriptor.
*
* @return SSL session file descriptor
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setFd(Socket)
*/
public int getFd()
throws IllegalStateException, WolfSSLJNIException {
int fd = 0;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getFd()");
fd = getFd(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "returning fd: " + fd);
}
return fd;
}
/**
* Helper method to throw appropriate exception based on native
* result of poll()/select() from API that does I/O.
*/
private static void throwExceptionFromIOReturnValue(
int ret, String nativeFunc)
throws SocketTimeoutException, SocketException {
if (ret == WolfSSL.WOLFJNI_IO_EVENT_TIMEOUT) {
throw new SocketTimeoutException(
"Native socket timed out during " + nativeFunc);
}
else if (ret == WolfSSL.WOLFJNI_IO_EVENT_FD_CLOSED) {
throw new SocketException("Socket fd closed during poll(), " +
"errno = " + WolfSSL.getErrno());
}
else if (ret == WolfSSL.WOLFJNI_IO_EVENT_ERROR) {
throw new SocketException("Socket fd poll() exceptional error, " +
"errno = " + WolfSSL.getErrno());
}
else if (ret == WolfSSL.WOLFJNI_IO_EVENT_POLLHUP) {
throw new SocketException("Socket disconnected during poll(), " +
"errno = " + WolfSSL.getErrno());
}
else if (ret == WolfSSL.WOLFJNI_IO_EVENT_FAIL) {
throw new SocketException("Socket select/poll() failed, " +
"errno = " + WolfSSL.getErrno());
}
}
/**
* Initializes an SSL/TLS handshake with a server.
* This function is called on the client side. When called, the underlying
* communication channel should already be set up.
*
* connect() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, connect() will
* return when the underlying I/O could not satisfy the needs of
* connect() to continue the handshake. In this case, a call
* to getError will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to connect() when the underlying I/O is ready and
* wolfSSL will pick up where it left off.
*
* If the underlying I/O is blocking, connect() will only
* return once the handshake has been finished or an error occurred.
*
* wolfSSL takes a different approach to certificate verification than
* OpenSSL does. The default policy for clients is to verify the server,
* meaning that if the application doesn't load CA certificates to verify
* the server, it will get a connect error, "unable to verify" (-155). If
* the application wants to mimic OpenSSL behavior of having
* connect() succeed even if verifying the server fails (and
* reducing security), the application can do this by calling:
*
* WolfSSLContext#setVerify(ctx, SSL_VERIFY_NONE, 0);
*
* before calling newSSL(), though it's not recommended.
*
SSL_SUCCESS if successful, otherwise
* SSL_FAILURE if an error occurred. To get
* a more detailed error code, call getError().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if underlying socket timed out
* @throws SocketException Native socket select() or poll() failed
*/
public int connect()
throws IllegalStateException, SocketTimeoutException, SocketException {
return connect(0);
}
/**
* Initializes an SSL/TLS handshake with a server, using socket timeout
* value in milliseconds.
* This function is called on the client side. When called, the underlying
* communication channel should already be set up.
*
* connect() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, connect() will
* return when the underlying I/O could not satisfy the needs of
* connect() to continue the handshake. In this case, a call
* to getError will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to connect() when the underlying I/O is ready and
* wolfSSL will pick up where it left off.
*
* If the underlying I/O is blocking, connect() will only
* return once the handshake has been finished or an error occurred.
*
* wolfSSL takes a different approach to certificate verification than
* OpenSSL does. The default policy for clients is to verify the server,
* meaning that if the application doesn't load CA certificates to verify
* the server, it will get a connect error, "unable to verify" (-155). If
* the application wants to mimic OpenSSL behavior of having
* connect() succeed even if verifying the server fails (and
* reducing security), the application can do this by calling:
*
* WolfSSLContext#setVerify(ctx, SSL_VERIFY_NONE, 0);
*
* before calling newSSL(), though it's not recommended.
*
* @param timeout read timeout, milliseconds. Specify 0 to use infinite
* timeout
*
* @return SSL_SUCCESS if successful, otherwise
* SSL_FAILURE if an error occurred. To get
* a more detailed error code, call getError().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select() or poll() failed
*/
public int connect(int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret = WolfSSL.SSL_FAILURE;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered connect(timeout: " +
timeout +")");
ret = connect(this.sslPtr, timeout);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "connect() ret: " + ret +
", err: " + getError(ret));
}
throwExceptionFromIOReturnValue(ret, "wolfSSL_connect()");
return ret;
}
/**
* Write bytes from a byte array to the SSL connection.
* If necessary, write() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect
* or accept.
*
* write() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, write() will
* return when the underlying I/O could not satisfy the needs of
* write() to continue. In this case, a call to getError
* will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to write() when the underlying I/O is ready.
*
* If the underlying I/O is blocking, write() will only
* return once the buffer data of size length has been
* completely written or an error occurred.
*
* @param data data buffer which will be sent to peer
* @param length size, in bytes, of data to send to the peer
* @return the number of bytes written upon success. 0
* or a negative value will be returned upon failure.
* SSL_FAILUREreturn upon failure when either
* an error occurred or, when using non-blocking sockets,
* the SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE error was received and the
* application needs to call write() again.
* BAD_FUNC_ARC when bad arguments are used.
* Use getError to get a specific error code.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select() or poll() failed
*/
public int write(byte[] data, int length)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
long localPtr;
confirmObjectIsActive();
/* Fix for Infer scan, since not synchronizing on sslLock for
* access to this.sslPtr, see note below */
synchronized (sslLock) {
localPtr = this.sslPtr;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "entered write(length: " +
length + ")");
/* not synchronizing on sslLock here since JNI write() locks
* session mutex around native wolfSSL_write() call. If sslLock
* is locked here, since we call select() inside native JNI we
* could timeout waiting for corresponding read() operation to
* occur if needed */
ret = write(localPtr, data, 0, length, 0);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "write() ret: " + ret +
", err: " + getError(ret));
throwExceptionFromIOReturnValue(ret, "wolfSSL_write()");
return ret;
}
/**
* Write bytes from a byte array to the SSL connection, using socket
* timeout value in milliseconds.
* If necessary, write() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect
* or accept.
*
* write() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, write() will
* return when the underlying I/O could not satisfy the needs of
* write() to continue. In this case, a call to getError
* will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to write() when the underlying I/O is ready.
*
* If the underlying I/O is blocking, write() will only
* return once the buffer data of size length has been
* completely written or an error occurred.
*
* @param data data buffer which will be sent to peer
* @param length size, in bytes, of data to send to the peer
* @param timeout read timeout, milliseconds.
* @return the number of bytes written upon success. 0
* will be returned upon failure.
* SSL_FATAL_ERRORupon failure when either an
* error occurred or, when using non-blocking sockets,
* the SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE error was received and the
* application needs to call write() again.
* BAD_FUNC_ARC when bad arguments are used.
* Use getError to get a specific error code.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select/poll() failed
*/
public int write(byte[] data, int length, int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
return write(data, 0, length, timeout);
}
/**
* Write bytes from a byte array to the SSL connection, using socket
* timeout value in milliseconds.
* If necessary, write() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect
* or accept.
*
* write() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, write() will
* return when the underlying I/O could not satisfy the needs of
* write() to continue. In this case, a call to getError
* will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to write() when the underlying I/O is ready.
*
* If the underlying I/O is blocking, write() will only
* return once the buffer data of size length has been
* completely written or an error occurred.
*
* @param data data buffer which will be sent to peer
* @param offset offset into data buffer to start writing from
* @param length size, in bytes, of data to send to the peer
* @param timeout read timeout, milliseconds.
* @return the number of bytes written upon success. 0
* will be returned upon failure.
* SSL_FATAL_ERRORupon failure when either an
* error occurred or, when using non-blocking sockets,
* the SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE error was received and the
* application needs to call write() again.
* BAD_FUNC_ARC when bad arguments are used.
* Use getError to get a specific error code.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select/poll() failed
*/
public int write(byte[] data, int offset, int length, int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
long localPtr;
confirmObjectIsActive();
/* Fix for Infer scan, since not synchronizing on sslLock for
* access to this.sslPtr, see note below */
synchronized (sslLock) {
localPtr = this.sslPtr;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "entered write(offset: " + offset +
", length: " + length + ", timeout: " + timeout + ")");
/* not synchronizing on sslLock here since JNI write() locks
* session mutex around native wolfSSL_write() call. If sslLock
* is locked here, since we call select() inside native JNI we
* could timeout waiting for corresponding read() operation to
* occur if needed */
ret = write(localPtr, data, offset, length, timeout);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "write() ret: " + ret +
", err: " + getError(ret));
throwExceptionFromIOReturnValue(ret, "wolfSSL_write()");
return ret;
}
/**
* Reads bytes from the SSL session and returns the read bytes as a byte
* array.
* The bytes read are removed from the internal receive buffer.
*
* If necessary, read() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect()
* or accept().
*
* The SSL/TLS protocol uses SSL records which have a maximum size of
* 16kB. As such, wolfSSL needs to read an entire SSL record internally
* before it is able to process and decrypt the record. Because of this,
* a call to read() will only be able to return the
* maximum buffer size which has been decrypted at the time of calling.
* There may be additional not-yet-decrypted data waiting in the internal
* wolfSSL receive buffer which will be retrieved and decrypted with the
* next call to read().
*
* @param data buffer where the data read from the SSL connection
* will be placed.
* @param sz number of bytes to read into data
* @return the number of bytes read upon success. SSL_FAILURE
* will be returned upon failure which may be caused
* by either a clean (close notify alert) shutdown or just
* that the peer closed the connection.
* SSL_FATAL_ERROR upon failure when either an error
* occurred or, when using non-blocking sockets, the
* SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
* error was received and the application needs to call
* read() again. Use getError to
* get a specific error code.
* BAD_FUNC_ARC when bad arguments are used.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs, should not
* occur since infinite timeout is used for this call.
* @throws SocketException Native socket select/poll() failed
*/
public int read(byte[] data, int sz)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
long localPtr;
confirmObjectIsActive();
/* Fix for Infer scan, since not synchronizing on sslLock for
* access to this.sslPtr, see note below */
synchronized (sslLock) {
localPtr = this.sslPtr;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "entered read(sz: " + sz + ")");
/* not synchronizing on sslLock here since JNI read() locks
* session mutex around native wolfSSL_read() call. If sslLock
* is locked here, since we call select() inside native JNI we
* could timeout waiting for corresponding write() operation to
* occur if needed */
ret = read(localPtr, data, 0, sz, 0);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "read() ret: " + ret +
", err: " + getError(ret));
throwExceptionFromIOReturnValue(ret, "wolfSSL_read()");
return ret;
}
/**
* Reads bytes from the SSL session and returns the read bytes as a byte
* array, using socket timeout value in milliseconds.
* The bytes read are removed from the internal receive buffer.
*
* If necessary, read() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect()
* or accept().
*
* The SSL/TLS protocol uses SSL records which have a maximum size of
* 16kB. As such, wolfSSL needs to read an entire SSL record internally
* before it is able to process and decrypt the record. Because of this,
* a call to read() will only be able to return the
* maximum buffer size which has been decrypted at the time of calling.
* There may be additional not-yet-decrypted data waiting in the internal
* wolfSSL receive buffer which will be retrieved and decrypted with the
* next call to read().
*
* @param data buffer where the data read from the SSL connection
* will be placed.
* @param sz number of bytes to read into data
* @param timeout read timeout, milliseconds.
* @return the number of bytes read upon success. SSL_FAILURE
* will be returned upon failure which may be caused
* by either a clean (close notify alert) shutdown or just
* that the peer closed the connection.
* SSL_FATAL_ERROR upon failure when either an error
* occurred or, when using non-blocking sockets, the
* SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
* error was received and the application needs to call
* read() again. Use getError to
* get a specific error code.
* BAD_FUNC_ARC when bad arguments are used.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select/poll() failed
*/
public int read(byte[] data, int sz, int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
return read(data, 0, sz, timeout);
}
/**
* Reads bytes from the SSL session and returns the read bytes as a byte
* array, using socket timeout value in milliseconds.
* The bytes read are removed from the internal receive buffer.
*
* If necessary, read() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect()
* or accept().
*
* The SSL/TLS protocol uses SSL records which have a maximum size of
* 16kB. As such, wolfSSL needs to read an entire SSL record internally
* before it is able to process and decrypt the record. Because of this,
* a call to read() will only be able to return the
* maximum buffer size which has been decrypted at the time of calling.
* There may be additional not-yet-decrypted data waiting in the internal
* wolfSSL receive buffer which will be retrieved and decrypted with the
* next call to read().
*
* @param data buffer where the data read from the SSL connection
* will be placed.
* @param offset offset into data buffer for data to be placed.
* @param sz number of bytes to read into data
* @param timeout read timeout, milliseconds.
* @return the number of bytes read upon success. SSL_FAILURE
* will be returned upon failure which may be caused
* by either a clean (close notify alert) shutdown or just
* that the peer closed the connection.
* SSL_FATAL_ERROR upon failure when either an error
* occurred or, when using non-blocking sockets, the
* SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
* error was received and the application needs to call
* read() again. Use getError to
* get a specific error code.
* BAD_FUNC_ARC when bad arguments are used.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select/poll() failed
*/
public int read(byte[] data, int offset, int sz, int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
long localPtr;
confirmObjectIsActive();
/* Fix for Infer scan, since not synchronizing on sslLock for
* access to this.sslPtr, see note below */
synchronized (sslLock) {
localPtr = this.sslPtr;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "entered read(offset: " + offset +
", sz: " + sz + ", timeout: " + timeout + ")");
/* not synchronizing on sslLock here since JNI read() locks
* session mutex around native wolfSSL_read() call. If sslLock
* is locked here, since we call select() inside native JNI we
* could timeout waiting for corresponding write() operation to
* occur if needed */
ret = read(localPtr, data, offset, sz, timeout);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "read() ret: " + ret +
", err: " + getError(ret));
throwExceptionFromIOReturnValue(ret, "wolfSSL_read()");
return ret;
}
/**
* Reads bytes from the SSL session and returns the read bytes into
* the provided ByteBuffer, using socket timeout value in milliseconds.
*
* The bytes read are removed from the internal receive buffer.
*
* If necessary, read() will negotiate an SSL/TLS session
* if the handshake has not already been performed yet by connect()
* or accept().
*
* The SSL/TLS protocol uses SSL records which have a maximum size of
* 16kB. As such, wolfSSL needs to read an entire SSL record internally
* before it is able to process and decrypt the record. Because of this,
* a call to read() will only be able to return the
* maximum buffer size which has been decrypted at the time of calling.
* There may be additional not-yet-decrypted data waiting in the internal
* wolfSSL receive buffer which will be retrieved and decrypted with the
* next call to read().
*
* @param data ByteBuffer where the data read from the SSL connection
* will be placed. position() will be updated after this
* method writes data to the ByteBuffer.
* @param sz number of bytes to read into data,
* may be adjusted to the maximum space in data if that is
* smaller than this size.
* @param timeout read timeout, milliseconds.
* @return the number of bytes read upon success. SSL_FAILURE
* will be returned upon failure which may be caused
* by either a clean (close notify alert) shutdown or just
* that the peer closed the connection.
* SSL_FATAL_ERROR upon failure when either an error
* occurred or, when using non-blocking sockets, the
* SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
* error was received and the application needs to call
* read() again. Use getError to
* get a specific error code.
* BAD_FUNC_ARC when bad arguments are used.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs
* @throws SocketException Native socket select/poll() failed
*/
public int read(ByteBuffer data, int sz, int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
long localPtr;
confirmObjectIsActive();
/* Fix for Infer scan, since not synchronizing on sslLock for
* access to this.sslPtr, see note below */
synchronized (sslLock) {
localPtr = this.sslPtr;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "entered read(ByteBuffer, " +
"sz: " + sz + ", timeout: " + timeout + ")");
/* not synchronizing on sslLock here since JNI read() locks
* session mutex around native wolfSSL_read() call. If sslLock
* is locked here, since we call select() inside native JNI we
* could timeout waiting for corresponding write() operation to
* occur if needed */
try {
ret = read(localPtr, data, sz, timeout);
} catch (WolfSSLException e) {
/* JNI code may throw WolfSSLException on JNI specific errors */
throw new SocketException(e.getMessage());
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, localPtr, "read() ret: " + ret +
", err: " + getError(ret));
throwExceptionFromIOReturnValue(ret, "wolfSSL_read()");
return ret;
}
/**
* Waits for an SSL client to initiate the SSL/TLS handshake.
* This method is called on the server side. When it is called, the
* underlying communication channel has already been set up.
*
* accept() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, accept() will
* return when the underlying I/O could not satisfy the needs of
* accept() to continue the handshake. In this case, a call to
* getError() will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to accept() when data is available to be read and
* wolfSSL will pick up where it left off. When using a non-blocking
* socket, nothing needs to be done, but select() can be used
* to check for the required condition.
*
* If the underlying I/O is blocking, accept() will only
* return once the handshake has been finished or an error occurred.
*
* @return SSL_SUCCESS on success. SSL_FATAL_ERROR
* if an error occurred. To get a more detailed
* error code, call getError().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if underlying socket timed out
* @throws SocketException Native socket select/accept() failed
* @see #getError(int)
* @see #connect()
*/
public int accept()
throws IllegalStateException, SocketTimeoutException, SocketException {
return accept(0);
}
/**
* Waits for an SSL client to initiate the SSL/TLS handshake, using socket
* timeout value in milliseconds.
* This method is called on the server side. When it is called, the
* underlying communication channel has already been set up.
*
* accept() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, accept() will
* return when the underlying I/O could not satisfy the needs of
* accept() to continue the handshake. In this case, a call to
* getError() will yield either SSL_ERROR_WANT_READ or
* SSL_ERROR_WANT_WRITE. The calling process must then repeat the
* call to accept() when data is available to be read and
* wolfSSL will pick up where it left off. When using a non-blocking
* socket, nothing needs to be done, but select() can be used
* to check for the required condition.
*
* If the underlying I/O is blocking, accept() will only
* return once the handshake has been finished or an error occurred.
*
* @param timeout read timeout, milliseconds.
*
* @return SSL_SUCCESS on success. SSL_FATAL_ERROR
* if an error occurred. To get a more detailed
* error code, call getError().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if underlying socket timed out
* @throws SocketException Native socket select() failed
* @see #getError(int)
* @see #connect()
*/
public int accept(int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered accept(timeout: " +
timeout + ")");
ret = accept(this.sslPtr, timeout);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "accept() ret: " + ret +
", err: " + getError(ret));
}
throwExceptionFromIOReturnValue(ret, "wolfSSL_accept()");
return ret;
}
/**
* Frees an allocated SSL session.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#newContext(long)
* @see WolfSSLContext#free()
*/
public void freeSSL()
throws IllegalStateException, WolfSSLJNIException {
synchronized (sslLock) {
synchronized (stateLock) {
if (this.active == false) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered freeSSL(), already freed");
/* already freed, just return */
return;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered freeSSL()");
/* free native resources */
freeSSL(this.sslPtr);
/* free Java resources */
this.active = false;
this.sslPtr = 0;
this.clientSNIRequested = null;
this.ctx = null;
}
}
}
/**
* Shuts down the active SSL/TLS connection using the SSL session.
* This function will try to send a "close notify" alert to the peer,
* with read timeout disabled (set to infinite).
*
* The calling application can choose to wait for the peer to send its
* "close notify" alert in response or just go ahead and shut down the
* underlying connection after directly calling shutdownSSL
* (to save resources). Either option is allowed by the TLS specification.
* If the underlying connection will be used again in the future, the
* complete two-directional shutdown procedure must be performed to keep
* synchronization intact between the peers.
*
* shutdownSSL() works with both blocking and non-blocking
* I/O. When the underlying I/O is non-blocking, shutdownSSL()
* will return an error if the underlying I/O could not satisfy the
* needs of shutdownSSL() to continue. In this case, a call
* to getError() will yield either SSL_ERROR_WANT_READ
* or SSL_ERROR_WANT_WRITE. The calling process must then repeat
* the call to shutdownSSL() when the underlying I/O is ready.
*
* @return SSL_SUCCESS on success,
* SSL_FATAL_ERROR upon failure. Call
* getError() for a more specific error code.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs, should not
* since infinite timeout is used for this call.
* @throws SocketException Native socket select/poll() failed
* @see #shutdownSSL(int)
* @see #freeSSL(long)
* @see WolfSSLContext#free()
*/
public int shutdownSSL()
throws IllegalStateException, SocketTimeoutException, SocketException {
return shutdownSSL(0);
}
/**
* Shuts down the active SSL/TLS connection using the SSL session
* and provided read timeout value in milliseconds.
* This function will try to send a "close notify" alert to the peer.
*
* The calling application can choose to wait for the peer to send its
* "close notify" alert in response or just go ahead and shut down the
* underlying connection after directly calling shutdownSSL
* (to save resources). Either option is allowed by the TLS specification.
* If the underlying connection will be used again in the future, the
* complete two-directional shutdown procedure must be performed to keep
* synchronization intact between the peers.
*
* shutdownSSL() works with both blocking and non-blocking
* I/O. When the underlying I/O is non-blocking, shutdownSSL()
* will return an error if the underlying I/O could not satisfy the
* needs of shutdownSSL() to continue. In this case, a call
* to getError() will yield either SSL_ERROR_WANT_READ
* or SSL_ERROR_WANT_WRITE. The calling process must then repeat
* the call to shutdownSSL() when the underlying I/O is ready.
*
* @param timeout read timeout, milliseconds.
*
* @return SSL_SUCCESS on success,
* SSL_FATAL_ERROR upon failure. Call
* getError() for a more specific error code.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws SocketTimeoutException if socket timeout occurs.
* @throws SocketException Native socket select/poll() failed
* @see #freeSSL(long)
* @see WolfSSLContext#free()
*/
public int shutdownSSL(int timeout)
throws IllegalStateException, SocketTimeoutException, SocketException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered shutdownSSL(timeout: " + timeout + ")");
ret = shutdownSSL(this.sslPtr, timeout);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "shutdownSSL() ret: " + ret +
", err: " + getError(ret));
}
throwExceptionFromIOReturnValue(ret, "wolfSSL_shutdown()");
return ret;
}
/**
* Returns a unique error code describing why the previous API function
* call resulted in an error return code.
* The return value of the previous function is passed to getError()
* through ret.
*
* After getError() is called and returns the unique error
* code, getErrorString() may be called to get a human-
* readable error string.
*
* @param ret return value of the previous function which resulted
* in an error return code.
* @return the unique error code describing why the previous API
* function failed. SSL_ERROR_NONE will be returned if
* ret is less than 0.
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSL#getErrorString(long)
*/
public int getError(int ret) throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
return getError(this.sslPtr, ret);
}
}
/**
* Sets the session (native WOLFSSL_SESSION) to be used with this object
* for session resumption.
*
* The native WOLFSSL_SESSION pointed to contains all the necessary
* information required to perform a session resumption and reestablishment
* of the connection without a new handshake.
*
* To do session resumption, before calling shutdownSSL()
* with your WolfSSLSession object, save the internal session state by
* calling getSession(), which returns a pointer to the
* native WOLFSSL_SESSION session structure. Later, when the application
* is ready to resume a session, it should create a new WolfSSLSession
* object and assign the previously-saved session pointer by passing it
* to the setSession(long session) method. This should be
* done before the handshake is started for the second/resumed time. After
* calling setSession(long session), the application may call
* connect() and wolfSSL will try to resume the session. If
* the session cannot be resumed, a new fresh handshake will be
* established.
*
* @param session pointer to the native WOLFSSL_SESSION structure used
* to set the session for the SSL session object.
* @return SSL_SUCCESS upon successfully setting
* the session. SSL_FAILURE will be
* returned on failure. This could be caused by the
* session cache being disabled, or if the session has
* timed out.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getSession()
*/
public int setSession(long session) throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setSession(ptr: " +
session + ")");
if ((session != 0) && (wolfsslSessionIsSetup(session) == 1)) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "session pointer (" +
session + ") is setup");
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"session pointer is null or not set up");
}
ret = setSession(this.sslPtr, session);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "setSession(session: " +
session + ") ret: " + ret + ", err: " + getError(ret));
return ret;
}
}
/**
* Returns a pointer to the current session (native WOLFSSL_SESSION)
* associated with this object, or null if not available.
*
* The native WOLFSSL_SESSION pointed to contains all the necessary
* information required to perform a session resumption and reestablishment
* of the connection without a new handshake.
*
* To do session resumption, before calling shutdownSSL()
* with your WolfSSLSession object, save the internal session state by
* calling getSession(), which returns a pointer to the
* native WOLFSSL_SESSION session structure. Later, when the application
* is ready to resume a session, it should create a new WolfSSLSession
* object and assign the previously-saved session pointer by passing it
* to the setSession(long session) method. This should be
* done before the handshake is started for the second/resumed time. After
* calling setSession(long session), the application may call
* connect() and wolfSSL will try to resume the session. If
* the session cannot be resumed, a new fresh handshake will be
* established.
*
* IMPORTANT: *
* The pointer (WOLFSSL_SESSION) returned by this method needs to be freed
* when the application is finished with it by calling
* freeSession(long session). This will release the underlying
* native memory associated with this WOLFSSL_SESSION. Failing to free
* the session will result in a memory leak.
*
* @throws IllegalStateException this WolfSSLSession has been freed
* @return a pointer to the current SSL session object on success.
* null if ssl is null,
* the SSL session cache is disabled, wolfSSL doesn't have
* the session ID available, or mutex functions fail.
* @see #setSession(long)
*/
public long getSession() throws IllegalStateException {
long sessPtr = 0;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getSession()");
/* Calling get1Session() here as an indication that the native
* JNI level should always return a session pointer that needs
* to be freed by the application. This behavior can change in
* native wolfSSL depending on build options
* (ex: NO_SESSION_CACHE_REF), so JNI layer here will make that
* behavior consistent to the JNI/JSSE callers. */
sessPtr = get1Session(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"get1Session(), ret ptr: " + sessPtr);
if ((sessPtr != 0) && (wolfsslSessionIsSetup(sessPtr) == 1)) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "session pointer (" +
sessPtr + ") is setup");
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"session pointer is null or not set up");
}
return sessPtr;
}
}
/**
* Check if native WOLFSSL_SESSION has been set up or not.
*
* This method is static and does not check active state since this
* takes a native pointer and has no interaction with the rest of this
* object.
*
* @param session pointer to native WOLFSSL_SESSION structure. May be
* obtained from getSession().
*
* @return 1 if session has been set up, otherwise 0 if not set up. May
* return WolfSSL.NOT_COMPILED_IN if native wolfSSL does not have
* wolfSSL_SessionIsSetup() compiled in. This API was added
* after the wolfSSL 5.7.0 release.
*/
public static int sessionIsSetup(long session) {
int ret;
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered sessionIsSetup(" + session + ")");
if (session == 0) {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "sessionIsSetup(), ptr null, returning 0");
return 0;
}
ret = wolfsslSessionIsSetup(session);
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "sessionIsSetup(" + session + ") ret: " + ret);
return ret;
}
/**
* Check if native WOLFSSL_SESSION is resumable, calling native
* wolfSSL_SESSION_is_resumable().
*
* This method is static and does not check active state since this
* takes a native pointer and has no interaction with the rest of this
* object.
*
* @param session pointer to native WOLFSSL_SESSION structure. May be
* obtained from getSession().
*
* @return 1 if session is resumable, otherwise 0. Returns
* WolfSSL.NOT_COMPILED_IN if native wolfSSL does not have
* wolfSSL_SESSION_is_resumable() compiled in.
*/
public static int sessionIsResumable(long session) {
int ret;
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered sessionIsResumable()");
if (session == 0) {
return 0;
}
ret = wolfsslSessionIsResumable(session);
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session resumable: " + ret);
return ret;
}
/**
* Deep copy the contents of the WOLFSSL_SESSION, calling native
* wolfSSL_SESSION_dup().
*
* This session will create a new WOLFSSL_SESSION and deep copy it
* from the WOLFSSL_SESSION pointer provided. Note that if a non-zero
* value is returned the application is responsible for freeing this
* WOLFSSL_SESSION memory when finished by calling freeSession().
*
* @param session pointer to native WOLFSSL_SESSION structure. May have
* been obtained from getSession().
*
* @return long representing a native pointer to a new WOLFSSL_SESSION
* structure, or zero on error (equivalent to a NULL pointer).
*/
public static long duplicateSession(long session) {
long sessPtr = 0;
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered duplicateSession(ptr: " +
session + ")");
if (session == 0) {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session pointer is null, not duplicating");
return 0;
}
if (wolfsslSessionIsSetup(session) == 1) {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session pointer prior to dup (" + session +
") is setup");
}
else {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session pointer prior to dup " +
"is NOT set up");
}
sessPtr = wolfsslSessionDup(session);
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "duplicated session ptr: " + sessPtr);
if ((sessPtr != 0) && (wolfsslSessionIsSetup(sessPtr) == 1)) {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session pointer after dup (" + sessPtr +
") is setup");
}
else {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session pointer after dup is NOT set up");
}
return sessPtr;
}
/**
* Get cipher suite name from WOLFSSL_SESSION, calling native
* wolfSSL_SESSION_CIPHER_get_name().
*
* This method is static and does not check active state since this
* takes a native pointer and has no interaction with the rest of this
* object.
*
* @param session pointer to native WOLFSSL_SESSION structure. May have
* been obtained from getSession().
* @return String representation of the cipher suite used in native
* WOLFSSL_SESSION structure, or NULL if not able to find the
* session.
*/
public static String sessionGetCipherName(long session) {
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered sessionGetCipherName(ptr: " +
session + ")");
if (session == 0) {
return null;
}
return wolfsslSessionCipherGetName(session);
}
/**
* Free the native WOLFSSL_SESSION structure pointed to be session.
*
* @param session native WOLFSSL_SESSION pointer to free
*/
public static synchronized void freeSession(long session) {
/* No need to call confirmObjectIsActive() because the
* WOLFSSL_SESSION pointer being passed in here is not associated
* with this WOLFSSL object or WolfSSLSession. */
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered freeSession(ptr: " + session + ")");
if (session != 0) {
freeNativeSession(session);
}
WolfSSLDebug.log(WolfSSLSession.class, WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "session freed (ptr: " + session + ")");
}
/**
* Returns the session ID.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @return the session ID, or a empty array if unable to get valid
* session ID
* @see #setSession(long)
*/
public byte[] getSessionID() throws IllegalStateException {
byte[] sessId = null;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getSessionID()");
long sess = getSession(this.sslPtr);
if (sess != 0) {
/* returns new byte[] independent of sess ptr */
sessId = getSessionID(sess);
} else {
sessId = new byte[0];
}
WolfSSLDebug.logHex(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "session ID", sessId,
sessId.length);
return sessId;
}
}
/**
* Check if there is a session ticket associated with this
* WolfSSLSession (WOLFSSL_SESSION).
*
* @return true if internal session has session ticket, otherwise false
* @throws IllegalStateException WolfSSLContext has been freed
*/
public boolean hasSessionTicket() throws IllegalStateException {
boolean hasTicket = false;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered hasSessionTicket()");
long sess = getSession(this.sslPtr);
if (sess != 0) {
if (hasTicket(sess) == WolfSSL.SSL_SUCCESS) {
hasTicket = true;
}
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "session has ticket: " +
hasTicket);
return hasTicket;
}
}
/**
* Gets the cache size is set at compile time.
* This function returns the current cache size which has been set at compile
* time.
*
* @return size of compile time cache.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public long getCacheSize() throws IllegalStateException {
long ret;
confirmObjectIsActive();
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered getCacheSize()");
ret = this.getAssociatedContextPtr().getCacheSize();
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "cache size: " + ret);
return ret;
}
/**
* Associate client session with serverID, find existing or store
* for saving. If newSess flag is on, don't reuse existing session.
*
* @param id server ID to associate client session with
* @param newSess if 1, don't reuse existing session, otherwise 0
*
* @return WolfSSL.SSL_SUCCESS on success, WolfSSL.SSL_FAILURE on
* error. Or WolfSSL.NOT_COMPILED_IN if native API is not
* compiled into library.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public int setServerID(byte[] id, int newSess)
throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setServerID(byte[], newSess: " + newSess + ")");
ret = setServerID(this.sslPtr, id, id.length, newSess);
if (ret == WolfSSL.SSL_SUCCESS) {
if (id != null) {
WolfSSLDebug.logHex(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "set server ID",
id, id.length);
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"server ID byte[] null, not set");
}
}
else {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"failed to set server ID, ret: " + ret);
}
return ret;
}
}
/**
* Sets the timeout in seconds in the given WOLFSSL_SESSION.
*
* @param t time in seconds to set
* @throws IllegalStateException WolfSSLSession has been freed
* @return WolfSSL.SSL_SUCCESS on success, WolfSSL.JNI_SESSION_UNAVAILABLE
* if underlying session is unavailable, or negative values
* on failure.
* @see #setSession(long)
* @see #getSession(long)
*/
public int setSessTimeout(long t) throws IllegalStateException {
int ret;
long session;
confirmObjectIsActive();
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered setSessTimeout(timeout (sec): " +
t + ")");
session = this.getSession();
if (session == 0) {
/* session may be null if session cache disabled, wolfSSL
* doesn't have session ID available, mutex function fails, etc */
ret = WolfSSL.JNI_SESSION_UNAVAILABLE;
}
ret = setSessTimeout(session, t);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "set session timeout, ret: " + ret);
return ret;
}
/**
* Gets the timeout in seconds in the given WOLFSSL_SESSION.
*
* @throws IllegalStateException WolfSSLSession has been freed
* @return current timeout in seconds
* @see #setSession(long)
* @see #getSession(long)
*/
public long getSessTimeout() throws IllegalStateException {
long ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getSessTimeout()");
ret = getSessTimeout(this.getSession(this.sslPtr));
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"session timeout (sec): " + ret);
return ret;
}
}
/**
* Sets the timeout in seconds in the given SSL object.
*
* @param t time in seconds to set
* @throws IllegalStateException WolfSSLSession has been freed
* @return WOLFSSL_SUCCESS on success, negative values on failure.
* @see #setSession(long)
* @see #getSession(long)
*/
public int setTimeout(long t) throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setTimeout(timeout: " + t + ")");
ret = setTimeout(this.sslPtr, t);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "set timeout, ret: " + ret);
return ret;
}
}
/**
* Gets the timeout in seconds in the given SSL object.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @return current timeout in seconds
* @see #setSession(long)
* @see #getSession(long)
*/
public long getTimeout() throws IllegalStateException {
long ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getTimeout()");
ret = getTimeout(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "timeout: " + ret);
return ret;
}
}
/**
* Sets the cipher suite list for a given SSL session.
* The ciphers in the list should be sorted in order of preference from
* highest to lowest. Each call to setCipherList() resets
* the cipher suite list for the specific SSL session to the provided list
* each time time the method is called.
*
* The cipher suite list, list, is a null-terminated text String, * and colon-delimited list. For example, one possible list may be: *
* "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"
*
* Valid cipher values are the full name values from the cipher_names[]
* array in the native wolfSSL src/internal.c:
*
* @param list null-terminated text string and colon-delimited list
* of cipher suites to use with the specified SSL
* session.
* @return SSL_SUCCESS upon success.
* SSL_FAILURE upon failure.
* @throws IllegalStateException WolfSSLSession has been freed
* @see WolfSSLContext#setCipherList(String)
*/
public int setCipherList(String list) throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setCipherList(" + list + ")");
return setCipherList(this.sslPtr, list);
}
}
/**
* Sets the supported signature algorithms for the given SSL session.
* By default, without calling this method, native wolfSSL will add the
* signature-hash algorithms automatically to the ClientHello message
* based on which algorithms and modes are compiled into the native library.
*
* Calling this function will override the defualt list with the specified
* list.
*
* The signature algorithm list, list, is a null-terminated text
* String, and colon delimited list. Each list item is a combination of
* public key algorithm and MAC algorithm, concatenated with a plus
* sign (+).
*
* Possible public key algorithms include the following, but are dependent
* on which algorithms are compiled into the native library:
*
* "RSA" - available if NO_RSA is not defined
* "RSA-PSS" - available if !NO_RSA and WC_RSA_PSS
* "PSS" - available if !NO_RSA and WC_RSA_PSS
* "ECDSA" - available if HAVE_ECC
* "ED25519" - available if HAVE_ED25519
* "ED448" - available if HAVE_ED448
* "DSA" - available if !NO_DSA
*
* Possible MAC/hash algorithms include the following, but are also
* dependent on which algorithms are compiled into the native library:
*
* "SHA1" - available if !NO_SHA and (!NO_OLD_TLS or WOLFSSL_ALLOW_TLS_SHA1)
* "SHA224" - available if WOLFSSL_SHA224
* "SHA256" - available if WOLFSSL_SHA256
* "SHA384" - available if WOLFSSL_SHA384
* "SHA512" - available if WOLFSSL_SHA512
*
* When put together as list items these would look similar to:
*
* "RSA+SHA256:ECDSA+SHA256"
*
* @param list null-terminated text string and colon-delimited list
* of signature algorithms to use with the specified SSL
* session.
* @return SSL_SUCCESS upon success.
* SSL_FAILURE upon failure.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public int setSignatureAlgorithms(String list)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setSignatureAlgorithms(" + list + ")");
return set1SigAlgsList(this.sslPtr, list);
}
}
/**
* Sets the TLS Supported Curves to be used in the ClientHello
* extension if enabled in native wolfSSL.
*
* @param curveNames String array of ECC curve names to set into the
* Supported Curve extension. String values should match names from
* the following list:
* "sect163k1", "sect163r1", "sect163r2", "sect193r1",
* "sect193r2", "sect233k1", "sect233r1", "sect239k1",
* "sect283k1", "sect283r1", "sect409k1", "sect409r1",
* "sect571k1", "sect571r1", "secp160k1", "secp160r1",
* "secp160r2", "secp192k1", "secp192r1", "secp224k1",
* "secp224r1", "secp256k1", "secp256r1", "secp384r1",
* "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
* "brainpoolP512r1", "x25519", "x448", "sm2P256v1",
* "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144",
* "ffdhe8192"
*
* @return WolfSSL.SSL_SUCCESS on success, otherwise
* negative on error.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public int useSupportedCurves(String[] curveNames)
throws IllegalStateException {
int ret = 0;
int curveEnum = 0;
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered useSupportedCurves(" +
Arrays.asList(curveNames) + ")");
}
for (String curve : curveNames) {
curveEnum = WolfSSL.getNamedGroupFromString(curve);
synchronized (sslLock) {
ret = useSupportedCurve(this.sslPtr, curveEnum);
}
}
return ret;
}
/* ---------------- Nonblocking DTLS helper functions -------------- */
/**
* Returns the current timeout value in seconds for the SSL session.
* When using non-blocking sockets, something in the user code needs
* to decide when to check for available recv data and how long it has
* been waiting. The value returned by this method indicates how long the
* application should wait.
*
* @return the current DTLS timeout value in seconds,
* NOT_COMPILED_IN if wolfSSL was not built
* with DTLS support.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #dtls()
* @see #dtlsGetPeer()
* @see #dtlsGotTimeout()
* @see #dtlsSetPeer(InetSocketAddress)
*/
public int dtlsGetCurrentTimeout()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered dtlsGetCurrentTimeout()");
return dtlsGetCurrentTimeout(this.sslPtr);
}
}
/**
* Performs the actions needed to retry the last retransmit, including
* adjusting the timeout value.
* When using non-blocking sockets with DTLS, this method should be
* called on the SSL session when the controlling code thinks the
* transmission has timed out.
*
* @return SSL_SUCCESS upon success.
* SSL_FATAL_ERROR if there have been too many
* retransmissions/timeouts without getting a response from
* the peer. NOT_COMPILED_IN if wolfSSL was
* not compiled with DTLS support.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #dtlsGetCurrentTimeout()
* @see #dtlsGetPeer()
* @see #dtlsSetPeer(InetSocketAddress)
* @see #dtls()
*/
public int dtlsGotTimeout()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered dtlsGotTimeout()");
return dtlsGotTimeout(this.sslPtr);
}
}
/**
* Used to determine if the SSL session has been configured to use DTLS.
*
* @return 1 if the SSL has been configured to use DTLS,
* otherwise, 0.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #dtlsGetCurrentTimeout()
* @see #dtlsGetPeer()
* @see #dtlsGotTimeout()
* @see #dtlsSetPeer(InetSocketAddress)
*/
public int dtls()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered dtls()");
return dtls(this.sslPtr);
}
}
/**
* Sets the DTLS peer.
*
* @param peer DTLS peer's InetSocketAddress
* @return SSL_SUCCESS upon success,
* SSL_FAILURE upon failure,
* SSL_NOT_IMPLEMENTED if wolfSSL was not compiled
* with DTLS support.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #dtlsGetCurrentTimeout()
* @see #dtlsGetPeer()
* @see #dtlsGotTimeout()
* @see #dtls()
*/
public int dtlsSetPeer(InetSocketAddress peer)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered dtlsSetPeer(" + peer + ")");
return dtlsSetPeer(this.sslPtr, peer);
}
}
/**
* Gets the InetSocketAddress of the DTLS peer.
*
* @return DTLS peer's InetSocketAddress upon success,
* null upon failure.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #dtlsGetCurrentTimeout()
* @see #dtlsGotTimeout()
* @see #dtlsSetPeer(InetSocketAddress)
* @see #dtls()
*/
public InetSocketAddress dtlsGetPeer() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered dtlsGetPeer()");
return dtlsGetPeer(this.sslPtr);
}
}
/**
* Determine if a reused session was negotiated during the SSL
* handshake.
* If session resumption is being used, and the client has proposed to
* reuse a given session, this method will notify the application if the
* requested session has been negotiated after the handshake has completed.
*
* @return 1 if the session was reused, 0 if a new
* session needed to be negotiated.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setSession(long)
* @see #getSession()
*/
public int sessionReused()
throws IllegalStateException, WolfSSLJNIException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered sessionReused()");
ret = sessionReused(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "session reused: " + ret);
}
return ret;
}
/**
* Gets the native (long) WOLFSSL_X509 pointer to the peer's certificate.
* This can be used to retrieve further information about the peer's
* certificate (issuer, subject, alt name, etc.)
*
* wolfSSL versions 5.3.0 or later return a newly-allocated
* WOLFSSL_X509 structure poiner from the native
* wolfSSL_get_peer_certificate() API called by this wrapper. If using
* wolfSSL greater than or equal to 5.3.0, the pointer (long) returned
* from this method must be freed by the caller. Versions of wolfSSL
* less than 5.3.0 should not free the pointer returned since it points
* to internal memory that is freed by native wolfSSL.
*
* Pointer should be freed by calling:
* WolfSSLCertificate.freeX509(long x509);
*
* @return (long) WOLFSSL_X509 pointer to the peer's certificate.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#getPeerX509Issuer(long)
* @see WolfSSLSession#getPeerX509Subject(long)
* @see WolfSSLSession#getVersion()
* @see WolfSSLSession#getCurrentCipher()
*/
public long getPeerCertificate()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPeerCertificate()");
return getPeerCertificate(this.sslPtr);
}
}
/**
* Gets the peer X509 certificate's issuer information.
*
* @param x509 pointer (long) to native WOLFSSL_X509 structure, obtained
* from getPeerCertificate().
* @return String representation of the peer's issuer information
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#getPeerCertificate()
* @see WolfSSLSession#getPeerX509Subject(long)
* @see WolfSSLSession#getVersion()
* @see WolfSSLSession#getCurrentCipher()
*/
public String getPeerX509Issuer(long x509)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509Issuer()");
return getPeerX509Issuer(this.sslPtr, x509);
}
}
/**
* Gets the peer X509 certificate's subject information.
*
* @param x509 pointer (long) to native WOLFSSL_X509 structure, obtained
* from getPeerCertificate().
* @return String representation of the peer's subject information
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#getPeerCertificate()
* @see WolfSSLSession#getPeerX509Issuer(long)
* @see WolfSSLSession#getVersion()
* @see WolfSSLSession#getCurrentCipher()
*/
public String getPeerX509Subject(long x509)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509Subject()");
return getPeerX509Subject(this.sslPtr, x509);
}
}
/**
* Gets the peer X509 certificate's altname information.
* This method may be repeatedly called to get the next altname, if any,
* from the peer cert. If no more altnames are available, null
* will be returned.
*
* @param x509 pointer (long) to native WOLFSSL_X509 structure, obtained
* from getPeerCertificate().
* @return String representation of the peer's subject information
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#getPeerCertificate()
* @see WolfSSLSession#getPeerX509Issuer(long)
* @see WolfSSLSession#getPeerX509Subject(long)
* @see WolfSSLSession#getVersion()
* @see WolfSSLSession#getCurrentCipher()
*/
public String getPeerX509AltName(long x509)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPeerX509AltName()");
return getPeerX509AltName(this.sslPtr, x509);
}
}
/**
* Returns the SSL/TLS version being used with this session object in
* String format.
* Examples include "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS",
* "DTLS 1.2", and "DTLS 1.3.
*
* @return SSL/TLS protocol version being used in String format,
* or "unknown".
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public String getVersion()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getVersion()");
return getVersion(this.sslPtr);
}
}
/**
* Returns a pointer to the native WOLFSSL_CIPHER object being used
* in with the SSL session.
* This pointer can be used with the getCipherName() function
* to get the name of the current cipher suite being used.
*
* @return pointer (long) to the native WOLFSSL_CIPHER object
* currently used with the SSL session.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#cipherGetName()
*/
public long getCurrentCipher()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getCurrentCipher()");
return getCurrentCipher(this.sslPtr);
}
}
/**
* Adds a domain check to the list of checks performed during the peer
* verification.
* wolfSSL by default check the peer certificate for a valid date range
* and a verified signature. Calling this function before connect()
* or accept() will add a domain name check to the
* list of checks to perform.
*
* @param dn domain name to check against the peer certificate
* when received.
* @return SSL_SUCCESS on success, SSL_FAILURE
* if a memory error was encountered.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public int checkDomainName(String dn)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered checkDomainName(" + dn + ")");
return checkDomainName(this.sslPtr, dn);
}
}
/**
* Sets up the group parameters to be used if the server negotiates
* a cipher suite that uses DHE.
*
* @param p Diffie-Hellman prime number parameter
* @param pSz size of p
* @param g Diffie-Hellman "generator" parameter
* @param gSz size of g
* @return SSL_SUCCESS on success. MEMORY_E
* if a memory error was encountered.
* SIDE_ERROR if this function is called on an
* SSL client instead of an SSL server.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #accept()
*/
public int setTmpDH(byte[] p, int pSz, byte[] g, int gSz)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setTmpDH(pSz: " + pSz +
", gSz: " + gSz + ")");
return setTmpDH(this.sslPtr, p, pSz, g, gSz);
}
}
/**
* Sets up the group parameters from the specified file to be used if the
* server negotiates a cipher suite that uses DHE.
*
* @param fname path to Diffie-Hellman parameter file
* @param format format of DH parameter file, either
* SSL_FILETYPE_ASN1 or
* SSL_FILETYPE_PEM.
* @return SSL_SUCCESS on success. MEMORY_E
* if a memory error was encountered.
* SIDE_ERROR if this function is called on an
* SSL client instead of an SSL server,
* SSL_BAD_FILETYPE if the specified format is
* incorrect, SSL_BAD_FILE if there is a
* problem with the input file.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setTmpDH(byte[], int, byte[], int)
*/
public int setTmpDHFile(String fname, int format)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getTmpDHFile(" +
fname + ", format:" + format + ")");
return setTmpDHFile(this.sslPtr, fname, format);
}
}
/**
* Loads a certificate buffer into the SSL object.
* This method behaves like the non-buffered version, only differing
* in its ability to be called with a buffer as input instead of a file.
*
* @param in input buffer containing the certificate to load
* @param sz size of the input buffer, in
* @param format format of the certificate buffer being loaded - either
* SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
* @return SSL_SUCCESS upon success,
* SSL_BAD_FILETYPE if the file is
* in the wrong format, SSL_BAD_FILE
* if the file doesn't exist, can't be read, or is
* corrupted. MEMORY_E if an out of
* memory condition occurs, ASN_INPUT_E
* if Base16 decoding fails on the file, and
* BAD_FUNC_ARG if invalid input parameters
* are given.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#loadVerifyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateBuffer(byte[], long, int)
* @see WolfSSLContext#usePrivateKeyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateChainBuffer(byte[], long)
* @see #usePrivateKeyBuffer(byte[], long, int)
* @see #useCertificateChainBuffer(byte[], long)
*/
public int useCertificateBuffer(byte[] in, long sz, int format)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useCertificateBuffer(sz: " + sz + ", format: " +
format + ")");
return useCertificateBuffer(this.sslPtr, in, sz, format);
}
}
/**
* Loads a private key buffer into the SSL object.
* This method behaves like the non-buffered version, only differing
* in its ability to be called with a buffer as input rather than a file.
*
* @param in the input buffer containing the private key to be
* loaded
* @param sz the size of the input buffer, in
* @param format format of the certificate buffer being loaded - either
* SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
* @return SSL_SUCCESS upon success,
* SSL_BAD_FILETYPE if the file is
* in the wrong format, SSL_BAD_FILE
* if the file doesn't exist, can't be read, or is
* corrupted. MEMORY_E if an out of
* memory condition occurs, ASN_INPUT_E
* if Base16 decoding fails on the file,
* NO_PASSWORD if the key file is
* encrypted but no password is provided, and
* BAD_FUNC_ARG if invalid input parameters
* are given.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#loadVerifyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateBuffer(byte[], long, int)
* @see WolfSSLContext#usePrivateKeyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateChainBuffer(byte[], long)
* @see #useCertificateBuffer(byte[], long, int)
* @see #useCertificateChainBuffer(byte[], long)
*/
public int usePrivateKeyBuffer(byte[] in, long sz, int format)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered usePrivateKeyBuffer(sz: " + sz + ", format: " +
format + ")");
return usePrivateKeyBuffer(this.sslPtr, in, sz, format);
}
}
/**
* Loads a certificate chain buffer into the SSL object.
* This method behaves like the non-buffered version, only differing
* in its ability to be called with a buffer as input instead of a file.
* The buffer must be in PEM format and start with the subject's
* certificate, ending with the root certificate.
*
* @param in the input buffer containing the PEM-formatted
* certificate chain to be loaded.
* @param sz the size of the input buffer, in
* @return SSL_SUCCESS upon success,
* SSL_BAD_FILETYPE if the file is
* in the wrong format, SSL_BAD_FILE
* if the file doesn't exist, can't be read, or is
* corrupted. MEMORY_E if an out of
* memory condition occurs, ASN_INPUT_E
* if Base16 decoding fails on the file,
* BUFFER_E if a chain buffer is
* bigger than the receiving buffer, and
* BAD_FUNC_ARG if invalid input parameters
* are given.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#loadVerifyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateBuffer(byte[], long, int)
* @see WolfSSLContext#usePrivateKeyBuffer(byte[], long, int)
* @see WolfSSLContext#useCertificateChainBuffer(byte[], long)
* @see #useCertificateBuffer(byte[], long, int)
* @see #usePrivateKeyBuffer(byte[], long, int)
*/
public int useCertificateChainBuffer(byte[] in, long sz)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useCertificateChainBuffer(sz: " + sz + ")");
return useCertificateChainBuffer(this.sslPtr, in, sz);
}
}
/**
* Loads a certificate chain buffer into the SSL object in specific format.
* This method behaves like the non-buffered version, only differing
* in its ability to be called with a buffer as input instead of a file.
* This function is similar to useCertificateChainBuffer(), but allows
* the input format to be specified. The format must be either DER or PEM,
* and start with the subject's certificate, ending with the root
* certificate.
*
* @param in the input buffer containing the PEM or DER formatted
* certificate chain to be loaded.
* @param sz the size of the input buffer, in
* @param format format of the certificate buffer being loaded - either
* SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
* @return SSL_SUCCESS upon success,
* SSL_FAILURE upon general failure,
* SSL_BAD_FILETYPE if the file is
* in the wrong format, SSL_BAD_FILE
* if the file doesn't exist, can't be read, or is
* corrupted. MEMORY_E if an out of
* memory condition occurs, ASN_INPUT_E
* if Base16 decoding fails on the file,
* BUFFER_E if a chain buffer is
* bigger than the receiving buffer, and
* BAD_FUNC_ARG if invalid input arguments
* are provided.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #useCertificateBuffer(byte[], long, int)
* @see #usePrivateKeyBuffer(byte[], long, int)
* @see WolfSSLSession#useCertificateBuffer(byte[], long, int)
* @see WolfSSLSession#usePrivateKeyBuffer(byte[], long, int)
* @see WolfSSLSession#useCertificateChainBuffer(byte[], long)
*/
public int useCertificateChainBufferFormat(byte[] in, long sz, int format)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useCertificateChainBufferFormat(sz: " + sz +
", format: " + format + ")");
return useCertificateChainBufferFormat(this.sslPtr, in, sz, format);
}
}
/**
* Turns on grouping of the handshake messages where possible using the
* SSL session.
*
* @return SSL_SUCCESS upon success.
* BAD_FUNC_ARG if the input session is null.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setGroupMessages()
*/
public int setGroupMessages()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setGroupMessages()");
return setGroupMessages(this.sslPtr);
}
}
/**
* Registers a context for the SSL session's receive callback method.
* By default, wolfSSL sets the file descriptor passed to setFd() as
* the context when wolfSSL is using the system's TCP library. If you've
* registered your own receive callback you may want to set a specific
* context for the session.
*
* For example, if you're using memory buffers, the context may be a * pointer to an object describing where and how to access the memory * buffers. * * @param ctx context object to be registered with the SSL session's * receive callback method. * @throws IllegalStateException WolfSSLContext has been freed * @throws WolfSSLJNIException Internal JNI error * @see #setIOWriteCtx(Object) * @see WolfSSLContext#setIORecv(WolfSSLIORecvCallback) * @see WolfSSLContext#setIOSend(WolfSSLIOSendCallback) */ public void setIOReadCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (sslLock) { WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, WolfSSLDebug.INFO, this.sslPtr, "entered setIOReadCtx()"); ioReadCtx = ctx; } } /** * Return the SSL session's receive callback context, if set. * * @return Object that was set with setIOReadCtx(). * @throws IllegalStateException WolfSSLContext has been freed */ public Object getIOReadCtx() throws IllegalStateException { confirmObjectIsActive(); synchronized (sslLock) { WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, WolfSSLDebug.INFO, this.sslPtr, "entered getIOReadCtx()"); return this.ioReadCtx; } } /** * Registers a context for the SSL session's send callback method. * By default, wolfSSL sets the file descriptor passed to setFd() as * the context when wolfSSL is using the system's TCP library. If * you've registered your own send callback, you may want to set a * specific context for the session. *
* For example, if you're using memory buffers the context may be a
* pointer to an object describing where and how to access the memory
* buffers.
*
* @param ctx context object to be registered with the SSL session's
* send callback method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setIOReadCtx(Object)
* @see WolfSSLContext#setIOSend(WolfSSLIOSendCallback)
* @see WolfSSLContext#setIORecv(WolfSSLIORecvCallback)
*/
public void setIOWriteCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setIOWriteCtx()");
ioWriteCtx = ctx;
}
}
/**
* Return the SSL session's write callback context, if set.
*
* @return Object that was set with setIOWriteCtx().
* @throws IllegalStateException WolfSSLContext has been freed
*/
public Object getIOWriteCtx()
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getIOWriteCtx()");
return this.ioWriteCtx;
}
}
/**
* Registers a context for the SSL session's DTLS cookie generation
* callback method.
* By default, wolfSSL sets the file descriptor passed to setFd() as
* the context when wolfSSL is using the system's TCP library. If
* the application has registered its own DTLS gen cookie callback, it may
* need to set a specific context for the cookie generation method.
*
* @param ctx context object to be registered with the SSL session's
* cookie generation method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setGenCookie(WolfSSLGenCookieCallback)
*/
public void setGenCookieCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setGenCookieCtx()");
genCookieCtx = ctx;
}
}
/**
* Turns on Certificate Revocation List (CRL) checking when
* verifying certificates.
* By default, CRL checking is off. options include
* WOLFSSL_CRL_CHECKALL which performs CRL checking on each certificate
* in the chain versus the leaf certificate only (which is default).
*
* @param options options to use when enabling CRL
* @return SSL_SUCCESS upon success.
* NOT_COMPILED_IN if wolfSSL was not compiled
* with CRL enabled. MEMORY_E if an out
* of memory condition occurs. BAD_FUNC_ARG
* if a pointer is not provided, and
* SSL_FAILURE if the CRL context cannot be
* initialized properly.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #disableCRL()
* @see #loadCRL(String, int, int)
* @see #setCRLCb(WolfSSLMissingCRLCallback)
* @see WolfSSLContext#enableCRL(int)
* @see WolfSSLContext#disableCRL()
* @see WolfSSLContext#setCRLCb(WolfSSLMissingCRLCallback)
*/
public int enableCRL(int options)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered enableCRL(" +
options + ")");
return enableCRL(this.sslPtr, options);
}
}
/**
* Turns off Certificate Revocation List (CRL) checking.
* By default, CRL checking is off. This function can be used to
* temporarily or permanently disable CRL checking for a given SSL
* session object that previously had CRL checking enabled.
*
* @return SSL_SUCCESS on success,
* BAD_FUNC_ARG if pointer is not provided.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #enableCRL(int)
* @see #loadCRL(String, int, int)
* @see #setCRLCb(WolfSSLMissingCRLCallback)
* @see WolfSSLContext#enableCRL(int)
* @see WolfSSLContext#disableCRL()
* @see WolfSSLContext#setCRLCb(WolfSSLMissingCRLCallback)
*/
public int disableCRL()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered disableCRL()");
return disableCRL(this.sslPtr);
}
}
/**
* Loads CRL files into wolfSSL from the specified path.
* This method loads a list of CRL files into wolfSSL. The files can be
* in either PEM or DER format, as specified by the type
* parameter.
*
* @param path path to directory containing CRL files
* @param type type of files in path, either
* SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
* .
* @param monitor OR'd list of flags to indicate if wolfSSL should
* monitor the provided CRL directory for changes.
* Flag values include WOLFSSL_CRL_MONITOR
* to indicate that the directory should be monitored
* and WOLFSSL_CRL_START_MON to start the
* monitor.
* @return SSL_SUCCESS upon success
* SSL_FATAL_ERROR if enabling the
* internal CertManager fails
* BAD_FUNC_ARG if the SSL pointer
* is null
* BAD_PATH_ERROR if there is an
* error opening the provided directory
* MEMORY_E if a memory error
* occurred
* MONITOR_RUNNING_E if the CRL
* monitor is already running
* THREAD_CREATE_E if there was an
* error when creating the CRL monitoring thread.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #enableCRL(int)
* @see #disableCRL()
* @see #setCRLCb(WolfSSLMissingCRLCallback)
* @see WolfSSLContext#enableCRL(int)
* @see WolfSSLContext#disableCRL()
* @see WolfSSLContext#setCRLCb(WolfSSLMissingCRLCallback)
*/
public int loadCRL(String path, int type, int monitor)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered loadCRL(" + path +
", type: " + type + ", monitor: " + monitor + ")");
return loadCRL(this.sslPtr, path, type, monitor);
}
}
/**
* Registers CRL callback to be called when CRL lookup fails.
*
* @param cb callback to be registered with SSL session, called
* when CRL lookup fails.
* @return SSL_SUCCESS upon success,
* BAD_FUNC_ARG if SSL pointer is null.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #enableCRL(int)
* @see #disableCRL()
* @see #loadCRL(String, int, int)
* @see WolfSSLContext#enableCRL(int)
* @see WolfSSLContext#disableCRL()
* @see WolfSSLContext#setCRLCb(WolfSSLMissingCRLCallback)
*/
public int setCRLCb(WolfSSLMissingCRLCallback cb)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setCRLCb(" + cb + ")");
return setCRLCb(this.sslPtr, cb);
}
}
/**
* Returns the cipher suite name associated with the WolfSSL session
* in String format.
*
* @return String representation of the cipher suite associated
* with the corresponding WolfSSL session.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLSession#getCurrentCipher()
*/
public String cipherGetName()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered cipherGetName()");
return cipherGetName(this.sslPtr);
}
}
/**
* Allows retrieval of the Hmac/Mac secret from the handshake process.
* The verify parameter specifies whether this is for verification
* of a peer message.
*
* @param verify specifies whether this if for verification of a peer
* message.
* @return a valid secret upon success, or null for an
* error state. The size of the secret can be obtained
* from getHmacSize().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getHmacSize()
*/
public byte[] getMacSecret(int verify)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getMacSecret()");
return getMacSecret(this.sslPtr, verify);
}
}
/**
* Allows retrieval of the client write key from the handshake process.
*
* @return a valid key buffer upon success, or null for an error
* state. The size of the key can be obtained from getKeySize().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getKeySize()
* @see #getClientWriteIV()
*/
public byte[] getClientWriteKey()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getClientWriteKey()");
return getClientWriteKey(this.sslPtr);
}
}
/**
* Allows retrieval of the client write IV (initialization vector) from
* the handshake process.
*
* @return a valid IV buffer upon success, or null for an error
* state. The size of the IV can be obtained from
* getCipherBlockSize().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getCipherBlockSize()
* @see #getClientWriteKey()
*/
public byte[] getClientWriteIV()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getClientWriteIV()");
return getClientWriteIV(this.sslPtr);
}
}
/**
* Allows retrieval of the server write key from the handshake process.
*
* @return a valid key buffer upon success, or null for an error
* state. The size of the key can be obtained from getKeySize().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getKeySize()
* @see #getServerWriteIV()
*/
public byte[] getServerWriteKey()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getServerWriteKey()");
return getServerWriteKey(this.sslPtr);
}
}
/**
* Allows retrieval of the server write IV (initialization vector) from
* the handshake process.
*
* @return a valid IV buffer upon success, or null for an error
* state. The size of the IV can be obtained from
* getCipherBlockSize().
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #getCipherBlockSize()
* @see #getServerWriteKey()
*/
public byte[] getServerWriteIV()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getServerWriteIV()");
return getServerWriteIV(this.sslPtr);
}
}
/**
* Allows retrieval of the key size from the handshake process.
*
* @return the key size in bytes upon success.
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getClientWriteKey()
* @see #getServerWriteKey()
*/
public int getKeySize() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getKeySize()");
return getKeySize(this.sslPtr);
}
}
/**
* Allows retrieval of the side of this wolfSSL connection.
*
* @return WOLFSSL_SERVER_END or
* WOLFSSL_CLIENT_END depending on the side
* of the wolfSSL session object.
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getClientWriteKey()
* @see #getServerWriteKey()
*/
public int getSide() throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getSide()");
ret = getSide(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "side: " + ret);
}
return ret;
}
/**
* Allows callers to determine if the negotiated protocol version is at
* least TLS version 1.1 or greater.
*
* @return 1 for true, 0 for
* false.
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getSide()
*/
public int isTLSv1_1() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered isTLSv1_1()");
return isTLSv1_1(this.sslPtr);
}
}
/**
* Allows caller to determine the negotiated bulk cipher algorithm from
* the handshake.
*
* @return If successful, the call will return one of the following:
* WolfSSL.wolfssl_cipher_null
* WolfSSL.wolfssl_des
* WolfSSL.wolfssl_triple_des
* WolfSSL.wolfssl_aes
* WolfSSL.wolfssl_aes_gcm
* WolfSSL.wolfssl_aes_ccm
* WolfSSL.wolfssl_camellia
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getCipherBlockSize()
* @see #getKeySize()
*/
public int getBulkCipher() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getBulkCipher()");
return getBulkCipher(this.sslPtr);
}
}
/**
* Allows callers to determine the negotiated cipher block size from the
* handshake.
*
* @return the size in bytes of the cipher block size upon success,
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getKeySize()
*/
public int getCipherBlockSize() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getCipherBlockSize()");
return getCipherBlockSize(this.sslPtr);
}
}
/**
* Allows caller to determine the negotiated aead mac size from the
* handshake.
* For cipher type WOLFSSL_AEAD_TYPE.
*
* @return the size in bytes of the aead mac size upon success,
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getKeySize()
*/
public int getAeadMacSize() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getAeadMacSize()");
return getAeadMacSize(this.sslPtr);
}
}
/**
* Allows the caller to determine the negotiated (h)mac size from the
* handshake.
* For cipher types except WOLFSSL_AEAD_TYPE.
*
* @return the size in bytes of the (h)mac size upon success,
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getHmacType()
*/
public int getHmacSize() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getHmacSize()");
return getHmacSize(this.sslPtr);
}
}
/**
* Allows caller to determine the negotiated (h)mac type from the
* handshake.
* For cipher types except WOLFSSL_AEAD_TYPE.
*
* @return If successful, the call will return one of the following:
* WolfSSL.MD5
* WolfSSL.SHA
* WolfSSL.SHA256
* WolfSSL.SHA394
* BAD_FUNC_ARG or
* SSL_FATAL_ERROR will be returned for an
* error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getHmacSize()
*
*/
public int getHmacType() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getHmacType()");
return getHmacType(this.sslPtr);
}
}
/**
* Allows caller to determine the negotiated cipher type from the
* handshake.
*
* @return If successful, the call will return one of the following:
* WolfSSL.WOLFSSL_BLOCK_TYPE
* WolfSSL.WOLFSSL_STREAM_TYPE
* WolfSSL.WOLFSSL_AEAD_TYPE
* BAD_FUNC_ARG will be returned for an
* error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getHmacType()
*/
public int getCipherType() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getCipherType()");
return getCipherType(this.sslPtr);
}
}
/**
* Allows caller to set the Hmac Inner vector for message sending/receiving.
* The result is written to inner which should be at least
* getHmacSize() bytes. The size of the message is specified by sz,
* content is the type of message, and verify specifies
* whether this is a verification of a peer message. Valid for cipher
* types excluding WOLFSSL_AEAD_TYPE.
*
* @param inner inner HMAC vector to set
* @param sz size of the message, in bytes
* @param content type of the message
* @param verify specifies if this is a verification of a peer message.
*
* @return 1 upon success,
* BAD_FUNC_ARG for an error state.
* @throws IllegalStateException WolfSSLContext has been freed
* @see #getBulkCipher()
* @see #getHmacType()
*/
public int setTlsHmacInner(byte[] inner, long sz, int content,
int verify) throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setTlsHmacInner(sz: " +
sz + ", content: " + content + ", verify: " + verify + ")");
return setTlsHmacInner(this.sslPtr, inner, sz, content, verify);
}
}
/**
* Allows caller to set the Atomic Record Processing Mac/Encrypt
* Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* MAC/Encrypt method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setMacEncryptCb(WolfSSLMacEncryptCallback)
*/
public void setMacEncryptCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setMacEncryptCtx(" + ctx + ")");
macEncryptCtx = ctx;
}
}
/**
* Allows caller to set the Atomic User Record Processing Decrypt/Verify
* Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* decrypt/verify method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)
*/
public void setDecryptVerifyCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setDecryptVerifyCtx(" + ctx + ")");
decryptVerifyCtx = ctx;
}
}
/**
* Allows caller to set the Atomic User Record Processing Verify/Decrypt
* Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* verify/decrypt method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setVerifyDecryptCb(WolfSSLVerifyDecryptCallback)
*/
public void setVerifyDecryptCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setVerifyDecryptCtx(" + ctx + ")");
verifyDecryptCtx = ctx;
}
}
/**
* Allows caller to set the Public Key ECC Signing Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* ECC signing method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setEccSignCb(WolfSSLEccSignCallback)
*/
public void setEccSignCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setEccSignCtx(" + ctx + ")");
eccSignCtx = ctx;
setEccSignCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key ECC Verification Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* ECC verification method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setEccVerifyCb(WolfSSLEccVerifyCallback)
*/
public void setEccVerifyCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setEccVerifyCtx(" + ctx + ")");
eccVerifyCtx = ctx;
setEccVerifyCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key ECC Shared Secret Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* ECC shared secret method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setEccSignCb(WolfSSLEccSignCallback)
* @see WolfSSLContext#setEccVerifyCb(WolfSSLEccVerifyCallback)
*/
public void setEccSharedSecretCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setEccSharedSecretCtx(" + ctx + ")");
eccSharedSecretCtx = ctx;
setEccSharedSecretCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key RSA Signing Callback Context.
*
* @param ctx context object to be registered with the SSL session's
* RSA signing method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setRsaSignCb(WolfSSLRsaSignCallback)
*/
public void setRsaSignCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setRsaSignCtx(" + ctx + ")");
rsaSignCtx = ctx;
setRsaSignCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key RSA Verification Callback
* Context.
*
* @param ctx context object to be registered with the SSL session's
* RSA verification method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setRsaVerifyCb(WolfSSLRsaVerifyCallback)
*/
public void setRsaVerifyCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setRsaVerifyCtx(" + ctx + ")");
rsaVerifyCtx = ctx;
setRsaVerifyCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key RSA Public Encrypt Callback
* Context.
*
* @param ctx context object to be registered with the SSL session's
* RSA public encrypt method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setRsaEncCb(WolfSSLRsaEncCallback)
*/
public void setRsaEncCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setRsaEncCtx(" + ctx + ")");
rsaEncCtx = ctx;
setRsaEncCtx(this.sslPtr);
}
}
/**
* Allows caller to set the Public Key RSA Private Decrypt Callback
* Context.
*
* @param ctx context object to be registered with the SSL session's
* RSA private decrypt method.
* @throws IllegalStateException WolfSSLContext has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setRsaDecCb(WolfSSLRsaDecCallback)
*/
public void setRsaDecCtx(Object ctx)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setRsaDecCtx(" + ctx + ")");
rsaDecCtx = ctx;
setRsaDecCtx(this.sslPtr);
}
}
/**
* Allows caller to set the PSK client callback at the WolfSSLSession level.
* This provides a method for the user to set the identity, hint, and key
* the WolfSSLSession level. The PSK client callback can also be set at the
* WolfSSLContext level, allowing the user to set it once for all
* SSL/TLS sessions that are created from the WolfSSLContext.
* The callback should return the length of the key in octets or
* 0 for error. The ssl parameter is available for the user's
* convenience. hint is the client PSK hint. identity
* is the client identity, with a maximum size in characters of
* idMaxLen. key is the client key, with a maximum size
* in bytes of keyMaxLen. An example callback can be found
* in examples/MyPskClientCallback.java.
*
* If the user sets the PSK client callback at both WolfSSLSession and
* WolfSSLContext levels, the context-level one will be used.
*
* @param callback object to be registered as the PSK client callback
* for the WolfSSLSession. The signature of this object
* and corresponding method must match that as shown in
* WolfSSLPskClientCallback.java, inside
* pskClientCallback().
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLContext#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLContext#usePskIdentityHint(String)
* @see WolfSSLSession#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLSession#getPskIdentity()
* @see WolfSSLSession#getPskIdentityHint()
*/
public void setPskClientCb(WolfSSLPskClientCallback callback)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setPskClientCb(" + callback + ")");
/* set PSK client callback */
internPskClientCb = callback;
/* register internal callback with native library */
setPskClientCb(this.sslPtr);
}
}
/**
* Allows caller to set the PSK server identity and key at the
* WolfSSLSession level.
* The PSK server callback can also be set at the WolfSSLContext level,
* allowing the user to set it once for all SSL/TLS sessions that are
* created from the WolfSSLContext.
* The callback should return the length of the key in octets or
* 0 for error. The ssl parameter is available for the user's
* convenience. identity is the client identity,
* key is the server key, with a maximum size
* in bytes of keyMaxLen. An example callback can be found
* in examples/MyPskServerCallback.java.
*
* @param callback object to be registered as the PSK server callback
* for the WolfSSLSession. The signature of this object
* and corresponding method must match that as shown in
* WolfSSLPskServerCallback.java, inside
* pskServerCallback().
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see WolfSSLContext#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLContext#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLContext#usePskIdentityHint(String)
* @see WolfSSLSession#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLSession#getPskIdentity()
* @see WolfSSLSession#getPskIdentityHint()
*/
public void setPskServerCb(WolfSSLPskServerCallback callback)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setPskServerCb(" + callback + ")");
/* set PSK server callback */
internPskServerCb = callback;
/* register internal callback with native library */
setPskServerCb(this.sslPtr);
}
}
/**
* Returns the PSK identity hint.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @return PSK identity hint String
* @see WolfSSLContext#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLContext#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLContext#usePskIdentityHint(String)
* @see WolfSSLSession#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLSession#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLSession#getPskIdentity()
* @see WolfSSLSession#usePskIdentityHint(String)
*/
public String getPskIdentityHint() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPskIdentityHint()");
return getPskIdentityHint(this.sslPtr);
}
}
/**
* Returns the PSK identity.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @return PSK identity hint String
* @see WolfSSLContext#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLContext#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLContext#usePskIdentityHint(String)
* @see WolfSSLSession#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLSession#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLSession#getPskIdentityHint()
* @see WolfSSLSession#usePskIdentityHint(String)
*/
public String getPskIdentity() {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getPskIdentity()");
return getPskIdentity(this.sslPtr);
}
}
/**
* Sets the identity hint for this session.
*
* @param hint identity hint to be used for session.
* @throws IllegalStateException WolfSSLContext has been freed
* @return SSL_SUCCESS upon success,
* SSL_FAILURE upon error.
* @see WolfSSLContext#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLContext#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLContext#usePskIdentityHint(String)
* @see WolfSSLSession#setPskClientCb(WolfSSLPskClientCallback)
* @see WolfSSLSession#setPskServerCb(WolfSSLPskServerCallback)
* @see WolfSSLSession#getPskIdentityHint()
* @see WolfSSLSession#getPskIdentity()
*/
public int usePskIdentityHint(String hint) {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered usePskIdentityHint(" + hint + ")");
return usePskIdentityHint(this.sslPtr, hint);
}
}
/**
* Used to determine if the handshake has been completed.
*
* @throws IllegalStateException WolfSSLContext has been freed
* @return true if the handshake is completed -- false if not.
*/
public boolean handshakeDone() {
boolean done = false;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered handshakeDone()");
done = handshakeDone(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "handshake done: " + done);
}
return done;
}
/**
* Sets the WOLFSSL to be a client
*
* @throws IllegalStateException WolfSSLContext has been freed
*/
public void setConnectState() {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setConnectState()");
setConnectState(this.sslPtr);
}
}
/**
* Sets the WOLFSSL to be a server
*
* @throws IllegalStateException WolfSSLContext has been freed\
*/
public void setAcceptState() {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setAcceptState()");
setAcceptState(this.sslPtr);
}
}
/**
* Sets the verification method for remote peers and also allows a
* verify callback to be registered with the SSL session.
* If no verify callback is desired, null can be used for
* callback.
*
* The verification mode of peer certificates is a logically * OR'd list of flags. The possible flag values include: *
* SSL_VERIFY_NONE
* Client mode: the client will not verify the certificate
* received from teh server and the handshake will continue as normal.
* Server mode: the server will not send a certificate request to
* the client. As such, client verification will not be enabled.
*
* SSL_VERIFY_PEER
* Client mode: the client will verify the certificate received
* from the server during the handshake. This is turned on by default in
* wolfSSL, therefore, using this option has no effect.
* Server mode: the server will send a certificate request to the
* client and verify the client certificate received.
*
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT
* Client mode: no effect when used on the client side.
* Server mode: the verification will fail on the server side if
* the client fails to send a certificate when requested to do so (when
* using SSL_VERIFY_PEER on the SSL server).
*
* @param mode verification type
* @param callback custom verification callback to register with the SSL
* session. If no callback is desired, null
* may be used.
* @throws IllegalStateException WolfSSLContext has been freed
*/
public void setVerify(int mode, WolfSSLVerifyCallback callback)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setVerify(mode: " +
mode + ", callback: " + callback + ")");
setVerify(this.sslPtr, mode, callback);
}
}
/**
* Sets the options to use for the WOLFSSL structure.
* Example options are WolfSSL.SSL_OP_NO_SSLv3
*
*
* @param op bit mask of options to set
* @return returns the revised options bit mask on success
* @throws IllegalStateException WolfSSLContext has been freed
*/
public long setOptions(long op)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setOptions(" + op + ")");
return setOptions(this.sslPtr, op);
}
}
/**
* Gets the options to use for the WOLFSSL structure.
* Example options are WolfSSL.SSL_OP_NO_SSLv3
*
*
* @return returns the revised options bit mask on success
* @throws IllegalStateException WolfSSLContext has been freed
*/
public long getOptions()
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getOptions()");
return getOptions(this.sslPtr);
}
}
/**
* Returns true if the last alert received by this session was a
* close_notify alert from the peer.
*
* @return true if close_notify has been received, otherwise false
*/
public boolean gotCloseNotify() {
boolean gotNotify = false;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered gotCloseNotify()");
int ret = gotCloseNotify(this.sslPtr);
if (ret == 1) {
gotNotify = true;
} else {
gotNotify = false;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"got close notify: " + gotNotify);
return gotNotify;
}
}
/**
* Registers a receive callback for wolfSSL to get input data.
* By default, wolfSSL uses EmbedReceive() in src/io.c as the callback.
* This uses the system's TCP recv() function. The user can register a
* function to get input from memory, some other network module, or from
* anywhere. Please see the EmbedReceive() function in src/io.c as a
* guide for how the function should work and for error codes.
*
* In particular, IO_ERR_WANT_READ should be returned for * non-blocking receive when no data is ready. * * @param callback method to be registered as the receive callback for * the wolfSSL context. The signature of this function * must follow that as shown in * WolfSSLIORecvCallback#receiveCallback(WolfSSLSession, * byte[], int, long). * @throws IllegalStateException WolfSSLContext has been freed * @throws WolfSSLJNIException Internal JNI error * @see #setIOSend(WolfSSLIOSendCallback) */ public void setIORecv(WolfSSLIORecvCallback callback) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); synchronized (sslLock) { WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, WolfSSLDebug.INFO, this.sslPtr, "entered setIORecv(" + callback + ")"); /* set user I/O recv */ internRecvSSLCb = callback; /* register internal callback with native library */ setSSLIORecv(this.sslPtr); } } /** * Registers a send callback for wolfSSL to write output data. * By default, wolfSSL uses EmbedSend() in src/io.c as the callback, * which uses the system's TCP send() function. The user can register * a function to send output to memory, some other network module, or * to anywhere. Please see the EmbedSend() function in src/io.c as a * guide for how the function should work and for error codes. *
* In particular, IO_ERR_WANT_WRITE should be returned for
* non-blocking send when the action cannot be taken yet.
*
* @param callback method to be registered as the send callback for
* the wolfSSL context. The signature of this function
* must follow that as shown in
* WolfSSLIOSendCallback#sendCallback(WolfSSLSession,
* byte[], int, Object).
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
* @see #setIORecv(WolfSSLIORecvCallback)
*/
public void setIOSend(WolfSSLIOSendCallback callback)
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered setIOSend(" + callback + ")");
/* set user I/O send */
internSendSSLCb = callback;
/* register internal callback with native library */
setSSLIOSend(this.sslPtr);
}
}
/**
* Interrupt native I/O operations blocked inside select()/poll().
*
* This is used by wolfJSSE when SSLSocket.close() is called, to wake up
* threads that are blocked in select()/poll().
*
* @return WolfSSL.SSL_SUCCESS on success, negative on error.
*
* @throws IllegalStateException WolfSSLSession has been freed
*/
public synchronized int interruptBlockedIO()
throws IllegalStateException {
confirmObjectIsActive();
/* Not synchronizing on sslLock, since we want to interrupt threads
* blocked on I/O operations, which will already hold sslLock */
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered interruptBlockedIO()");
return interruptBlockedIO(this.sslPtr);
}
/**
* Get count of threads currently blocked in select() or poll()
* at the native JNI level.
*
* @return count of threads waiting in select() or poll()
*
* @throws IllegalStateException WolfSSLSession has been freed
*/
public synchronized int getThreadsBlockedInPoll()
throws IllegalStateException {
confirmObjectIsActive();
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, "entered getThreadsBlockedInPoll()");
return getThreadsBlockedInPoll(this.sslPtr);
}
/**
* Use SNI name with this session.
*
* @param type SNI type. Currently supported type is
* WolfSSL.WOLFSSL_SNI_HOST_NAME.
* @param data encoded data for SNI extension value
*
* @return WolfSSL.SSL_SUCCESS on success, negative on error
*
* @throws IllegalStateException if called when WolfSSLSession is not
* active
*/
public int useSNI(byte type, byte[] data)
throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useSNI(type: " + type + ")");
ret = useSNI(this.sslPtr, type, data);
if (ret == WolfSSL.SSL_SUCCESS) {
/* Save SNI requested by client for use later if needed */
this.clientSNIRequested = Arrays.copyOf(data, data.length);
}
}
return ret;
}
/**
* Return copy of SNI name that this client set/requested. Used at JSSE
* level by Endpoint Identification hostname matching on client-side.
*
* @return client-requested SNI name as byte array, or null if not set
* @throws IllegalStateException if called when WolfSSLSession is not
* active
*/
public byte[] getClientSNIRequest()
throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered getClientSNIRequest()");
if (this.clientSNIRequested == null) {
return null;
}
return Arrays.copyOf(this.clientSNIRequested,
this.clientSNIRequested.length);
}
}
/**
* Get SNI request used for this session object as bytes.
*
* @param type SNI type. Currently supported type is
* WolfSSL.WOLFSSL_SNI_HOST_NAME.
* @return SNI name requested in this session as a byte array, or
* null if not available.
* @throws IllegalStateException if called when WolfSSLSession is not
* active
*/
public byte[] getSNIRequestBytes(byte type) throws IllegalStateException {
byte[] reqBytes = null;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered getSNIRequest(type: " + type + ")");
/* Returns a byte array representing SNI host name */
reqBytes = getSNIRequest(this.sslPtr, type);
}
if (reqBytes != null) {
return reqBytes;
}
return null;
}
/**
* Get SNI request used for this session object as String.
*
* @param type SNI type. Currently supported type is
* WolfSSL.WOLFSSL_SNI_HOST_NAME.
* @return String representing SNI name requested in this session, or
* null if not available.
* @throws IllegalStateException if called when WolfSSLSession is not
* active
*/
public String getSNIRequest(byte type) throws IllegalStateException {
byte[] request;
confirmObjectIsActive();
request = getSNIRequestBytes(type);
if (request != null){
return new String(request, StandardCharsets.UTF_8);
}
return null;
}
/**
* Enable session tickets for this session.
*
* @return WolfSSL.SSL_SUCCESS on success, otherwise negative.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public int useSessionTicket()
throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered useSessionTicket()");
ret = useSessionTicket(this.sslPtr);
if (ret == WolfSSL.SSL_SUCCESS) {
this.sessionTicketsEnabled = true;
}
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"enabled session tickets for session, ret: " + ret);
}
return ret;
}
/**
* Determine if session tickets have been enabled for this session.
* Session tickets can be enabled for this session by calling
* WolfSSLSession.useSessionTicket().
*
* @return true if enabled, otherwise false.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public synchronized boolean sessionTicketsEnabled()
throws IllegalStateException {
confirmObjectIsActive();
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered sessionTicketsEnabled(): " + this.sessionTicketsEnabled);
return this.sessionTicketsEnabled;
}
/**
* Set ALPN extension protocol for this session from encoded byte array.
* Calls SSL_set_alpn_protos() at native level. Format starts with
* length, where length does not include length byte itself. Example format:
*
* byte[] p = "http/1.1".getBytes();
*
* Unless this input format is explicitly needed, useALPN(String[], int)
* will likely be easier to use.
*
* @param alpnProtos ALPN protocols, encoded as byte array vector
* @return WolfSSL.SSL_SUCCESS on success, otherwise negative on error.
*/
public int useALPN(byte[] alpnProtos) throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered useALPN(byte[])");
return sslSetAlpnProtos(this.sslPtr, alpnProtos);
}
}
/**
* Set ALPN extension protocol for this session from String array.
* Calls native wolfSSL_useALPN(), where protocols should be a String
* array of ALPN protocols. At the native JNI level, this is converted to
* a comma-delimited list of prototocls and passed to native wolfSSL.
*
* This method is similar to useALPN(byte[]), but accepts a String array
* and calls a different native wolfSSL API for ALPN use.
*
* @param protocols Array of ALPN protocol Strings
* @param options Options to control behavior of ALPN failure mode.
* Possible options include:
* WolfSSL.WOLFSSL_ALPN_CONTINUE_ON_MISMATCH
* WolfSSL.WOLFSSL_ALPN_FAILED_ON_MISMATCH
* @return WolfSSL.SSL_SUCCESS on success, otherwise negative on error.
*
*/
public int useALPN(String[] protocols, int options) {
/* all protocols, comma delimited */
StringBuilder allProtocols = new StringBuilder();
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useALPN(String[], int)");
}
if (protocols == null) {
return WolfSSL.BAD_FUNC_ARG;
}
for (int i = 0; i < protocols.length; i++) {
if (i != 0) {
allProtocols.append(",");
}
allProtocols.append(protocols[i]);
}
synchronized (sslLock) {
return useALPN(this.sslPtr, allProtocols.toString(), options);
}
}
/**
* Get the ALPN protocol selected by the client/server for this session.
*
* @return byte array representation of selected protocol.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public byte[] getAlpnSelected() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getAlpnSelected()");
return sslGet0AlpnSelected(this.sslPtr);
}
}
/**
* Get the ALPN protocol selected by the client/server for this session.
*
* Same behavior as getAlpnSelected(), but returns a String instead of a
* byte array.
*
* @return String of the selected ALPN protocol
* @throws IllegalStateException WolfSSLSession has been freed
*/
public String getAlpnSelectedString() throws IllegalStateException {
byte[] alpnSelectedBytes = null;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered getAlpnSelectedString()");
}
alpnSelectedBytes = getAlpnSelected();
if (alpnSelectedBytes != null) {
return new String(alpnSelectedBytes, StandardCharsets.UTF_8);
} else {
return null;
}
}
/**
* Registers ALPN select callback.
*
* This callback is called by native wolfSSL during the handshake
* on the server side after receiving the ALPN protocols by the client
* in the ClientHello message.
*
* @param cb callback to be registered with SSL session
* @param arg Object that will be passed back to user inside callback
*
* @return SSL_SUCCESS upon success.
* NOT_COMPILED_IN if wolfSSL was not compiled with
* ALPN support, and other negative value representing other
* error scenarios.
*
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public int setAlpnSelectCb(WolfSSLALPNSelectCallback cb, Object arg)
throws IllegalStateException, WolfSSLJNIException {
int ret = 0;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setAlpnSelectCb(" +
cb + ", Object: " + arg + ")");
ret = setALPNSelectCb(this.sslPtr);
if (ret == WolfSSL.SSL_SUCCESS) {
/* set ALPN select callback */
internAlpnSelectCb = cb;
/* set ALPN select arg Object, returned to user in callback */
this.alpnSelectArg = arg;
}
}
return ret;
}
/**
* Register TLS 1.3 secret callback.
*
* The callback registered by this method is called by native wolfSSL
* during TLS 1.3 connection to retrieve the secrets used in those
* connections. These can be printed to a log file for consumption by
* Wireshark.
*
* @param cb callback to be registered with this SSL session
* @param ctx Object that will be passed back to user inside callback
*
* @return SSL_SUCCESS on success.
* NOT_COMPILED_IN if wolfSSL was not compiled with
* TLS 1.3 and HAVE_SECERT_CALLBACK defined, and other
* negative value on error.
*
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public int setTls13SecretCb(WolfSSLTls13SecretCallback cb, Object ctx)
throws IllegalStateException, WolfSSLJNIException {
int ret = 0;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered setTls13SecretCb(" +
cb + ", ctx: " + ctx + ")");
ret = setTls13SecretCb(this.sslPtr);
if (ret == WolfSSL.SSL_SUCCESS) {
/* Set TLS 1.3 secret callback */
internTls13SecretCb = cb;
/* Set TLS 1.3 secret ctx Object, returned to user in cb */
this.tls13SecretCtx = ctx;
}
}
return ret;
}
/**
* Do not free temporary arrays at end of handshake.
*
* This needs to be called if using the TLS 1.3 secret callback, and
* should be called after the WolfSSLSession object has been created.
*
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public void keepArrays()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered keepArrays()");
keepArrays(this.sslPtr);
}
}
/**
* Get the client random value used in this SSL/TLS session.
*
* @return client random byte array on success, or null if not available
*
* @throws IllegalStateException WolfSSLSession has been freed
* @throws WolfSSLJNIException Internal JNI error
*/
public byte[] getClientRandom()
throws IllegalStateException, WolfSSLJNIException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getClientRandom()");
return getClientRandom(this.sslPtr);
}
}
/**
* Enable use of secure renegotiation on this session. Calling this
* API does not initiate secure renegotiation, but enables it. If enabled,
* and peer requests secure renegotiation, this session will renegotiate.
*
* @return WolfSSL.SSL_SUCCESS on success, otherwise negative.
* Will return WolfSSL.NOT_COMPILED_IN if native
* wolfSSL has not been compiled with
* HAVE_SECURE_RENEGOTIATION.
* @throws IllegalStateException WolfSSLSession has been freed
*/
public int useSecureRenegotiation() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr,
"entered useSecureRenegotiation()");
return useSecureRenegotiation(this.sslPtr);
}
}
/**
* Enable use of secure renegotiation on this session. Calling this
* API does not initiate secure renegotiation, but enables it. If enabled,
* and peer requests secure renegotiation, this session will renegotiate.
*
* @return WolfSSL.SSL_SUCCESS on success, otherwise negative. Will
* return WolfSSL.NOT_COMPILED_IN if native wolfSSL has not been
* compiled with HAVE_SECURE_RENEGOTIATION.
* @throws IllegalStateException WolfSSLSession has been freed
*/
/**
* Initiates a secure renegotiation attempt with the peer.
* For this function to attempt a secure renegotiation,
* useSecureRenegotiation() must be called prior to calling
* this method. When called, the underlying communication channel should
* also already be set up.
*
* rehandshake() works with both blocking and non-blocking I/O.
* When the underlying I/O is non-blocking, rehandshake() will
* return when the underlying I/O could not satisfy the needs of
* rehandshake() to continue the handshake. In this case, a
* call to getError will yield either
* SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. The calling
* process must then repeat the call to rehandshake() when the
* underlying I/O is ready and wolfSSL will pick up where it left off.
*
* If the underlying I/O is blocking, rehandshake() will only
* return once the handshake has been finished or an error occurred.
*
SSL_SUCCESS if successful, otherwise
* SSL_FATAL_ERROR if an error occurred. To get
* a more detailed error code, call getError().
* WolfSSL.NOT_COMPILED_IN will be returned if
* native wolfSSL has not been compiled with
* HAVE_SECURE_RENEGOTIATION.
* WolfSSL.SECURE_RENEGOTIATION_E will be returned
* if secure renegotiation has not been enabled for this session,
* or a secure renegotiation error has occurred.
* @throws IllegalStateException WolfSSLContext has been freed
*/
public int rehandshake() throws IllegalStateException {
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered rehandshake()");
return rehandshake(this.sslPtr);
}
}
/**
* Getter function to tell if shutdown has been sent or received
* @return WolfSSL.SSL_SENT_SHUTDOWN or WolfSSL.SSL_RECEIVED_SHUTDOWN
*/
public int getShutdown() throws IllegalStateException {
int ret;
confirmObjectIsActive();
synchronized (sslLock) {
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "entered getShutdown()");
ret = getShutdown(this.sslPtr);
WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
WolfSSLDebug.INFO, this.sslPtr, "getShutdown(), ret: " + ret);
}
return ret;
}
@SuppressWarnings("deprecation")
@Override
protected void finalize() throws Throwable
{
/* free resources, freeSSL() checks and sets state */
this.freeSSL();
super.finalize();
}
} /* end WolfSSLSession */