All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wildfly.openssl.SSLImpl Maven / Gradle / Ivy

There is a newer version: 2.2.5.Final
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License") you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wildfly.openssl;

import java.nio.ByteBuffer;

/**
 * Class that contains all static native methods to interact with OpenSSL
 */
public class SSLImpl extends SSL {

    public SSLImpl() {
    }

    static native void initialize0(String libCryptoPath, String libSslPath);

    protected void initialize(String libCryptoPath, String libSslPath) {
        SSLImpl.initialize0(libCryptoPath, libSslPath);
    }

    /* Return OpenSSL version number */
    static native String version0();

    protected String version() {
        return SSLImpl.version0();
    }

    /**
     * Return true if all the requested SSL_OP_* are supported by OpenSSL.
     * 

* Note that for versions of tcstatic native < 1.1.25, this method will * return true if and only if op= * {@link #SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION} and tcstatic native * supports that flag. * * @param op Bitwise-OR of all SSL_OP_* to test. * @return true if all SSL_OP_* are supported by OpenSSL library. */ static native boolean hasOp0(int op); protected boolean hasOp(int op) { return SSLImpl.hasOp0(op); } /** * SSL_new * * @param ctx Server or Client context to use. * @param server if true configure SSL instance to use accept handshake routines * if false configure SSL instance to use connect handshake routines * @return pointer to SSL instance (SSL *) */ static native long newSSL0(long ctx, boolean server); protected long newSSL(long ctx, boolean server) { return SSLImpl.newSSL0(ctx, server); } /** * BIO_ctrl_pending. * * @param bio BIO pointer (BIO *) */ static native int pendingWrittenBytesInBIO0(long bio); protected int pendingWrittenBytesInBIO(long bio) { return SSLImpl.pendingWrittenBytesInBIO0(bio); } /** * SSL_pending. * * @param ssl SSL pointer (SSL *) */ static native int pendingReadableBytesInSSL0(long ssl); protected int pendingReadableBytesInSSL(long ssl) { return SSLImpl.pendingReadableBytesInSSL0(ssl); } /** * BIO_write. * * @param bio * @param wbuf * @param wlen */ static native int writeToBIO0(long bio, long wbuf, int wlen); protected int writeToBIO(long bio, long wbuf, int wlen) { return SSLImpl.writeToBIO0(bio, wbuf, wlen); } /** * BIO_read. * * @param bio * @param rbuf * @param rlen */ static native int readFromBIO0(long bio, long rbuf, int rlen); protected int readFromBIO(long bio, long rbuf, int rlen) { return SSLImpl.readFromBIO0(bio, rbuf, rlen); } /** * SSL_write. * * @param ssl the SSL instance (SSL *) * @param wbuf * @param wlen */ static native int writeToSSL0(long ssl, long wbuf, int wlen); protected int writeToSSL(long ssl, long wbuf, int wlen) { return SSLImpl.writeToSSL0(ssl, wbuf, wlen); } /** * SSL_read * * @param ssl the SSL instance (SSL *) * @param rbuf * @param rlen */ static native int readFromSSL0(long ssl, long rbuf, int rlen); protected int readFromSSL(long ssl, long rbuf, int rlen) { return SSLImpl.readFromSSL0(ssl, rbuf, rlen); } /** * SSL_get_shutdown * * @param ssl the SSL instance (SSL *) */ static native int getShutdown0(long ssl); protected int getShutdown(long ssl) { return SSLImpl.getShutdown0(ssl); } /** * SSL_free * * @param ssl the SSL instance (SSL *) */ static native void freeSSL0(long ssl); protected void freeSSL(long ssl) { SSLImpl.freeSSL0(ssl); } /** * Wire up internal and network BIOs for the given SSL instance. *

* Warning: you must explicitly free this resource by calling freeBIO *

* While the SSL's internal/application data BIO will be freed when freeSSL is called on * the provided SSL instance, you must call freeBIO on the returned network BIO. * * @param ssl the SSL instance (SSL *) * @return pointer to the Network BIO (BIO *) */ static native long makeNetworkBIO0(long ssl); protected long makeNetworkBIO(long ssl) { return SSLImpl.makeNetworkBIO0(ssl); } /** * BIO_free * * @param bio */ static native void freeBIO0(long bio); protected void freeBIO(long bio) { SSLImpl.freeBIO0(bio); } /** * SSL_shutdown * * @param ssl the SSL instance (SSL *) */ static native int shutdownSSL0(long ssl); protected int shutdownSSL(long ssl) { return SSLImpl.shutdownSSL0(ssl); } /** * Get the error number representing the last error OpenSSL encountered on * this thread. */ static native int getLastErrorNumber0(); protected int getLastErrorNumber() { return SSLImpl.getLastErrorNumber0(); } /** * SSL_get_cipher. * * @param ssl the SSL instance (SSL *) */ static native String getCipherForSSL0(long ssl); protected String getCipherForSSL(long ssl) { return SSLImpl.getCipherForSSL0(ssl); } /** * SSL_get_version * * @param ssl the SSL instance (SSL *) */ static native String getVersion0(long ssl); protected String getVersion(long ssl) { return SSLImpl.getVersion0(ssl); } /** * SSL_do_handshake * * @param ssl the SSL instance (SSL *) */ static native int doHandshake0(long ssl); protected int doHandshake(long ssl) { return SSLImpl.doHandshake0(ssl); } static native int saveServerCipher0(long ssl, int serverCipher); protected int saveServerCipher(long ssl, int serverCipher) { return SSLImpl.saveServerCipher0(ssl, serverCipher); } static native int getSSLError0(long ssl, int code); protected int getSSLError(long ssl, int code) { return SSLImpl.getSSLError0(ssl, code); } /** * SSL_renegotiate * * @param ssl the SSL instance (SSL *) */ static native int renegotiate0(long ssl); protected int renegotiate(long ssl) { return SSLImpl.renegotiate0(ssl); } /** * SSL_in_init. * * @param SSL */ static native int isInInit0(long SSL); protected int isInInit(long SSL) { return SSLImpl.isInInit0(SSL); } /** * SSL_get0_alpn_selected * * @param ssl the SSL instance (SSL *) */ static native String getAlpnSelected0(long ssl); protected String getAlpnSelected(long ssl) { return SSLImpl.getAlpnSelected0(ssl); } /** * enables ALPN on the server side */ static native void enableAlpn0(long ssl); protected void enableAlpn(long ssl) { SSLImpl.enableAlpn0(ssl); } static native boolean isAlpnSupported0(); protected boolean isAlpnSupported() { return isAlpnSupported0(); } /** * Get the peer certificate chain or {@code null} if non was send. */ static native byte[][] getPeerCertChain0(long ssl); protected byte[][] getPeerCertChain(long ssl) { return SSLImpl.getPeerCertChain0(ssl); } /** * Get the peer certificate or {@code null} if non was send. */ static native byte[] getPeerCertificate0(long ssl); protected byte[] getPeerCertificate(long ssl) { return SSLImpl.getPeerCertificate0(ssl); } /* * Get the error number representing for the given {@code errorNumber}. */ static native String getErrorString0(long errorNumber); protected String getErrorString(long errorNumber) { return SSLImpl.getErrorString0(errorNumber); } /** * SSL_get_time * * @param ssl the SSL instance (SSL *) * @return returns the time at which the session ssl was established. The time is given in seconds since the Epoch */ static native long getTime0(long ssl); protected long getTime(long ssl) { return SSLImpl.getTime0(ssl); } /** * Set Type of Client Certificate verification and Maximum depth of CA Certificates * in Client Certificate verification. *
* This directive sets the Certificate verification level for the Client * Authentication. Notice that this directive can be used both in per-server * and per-directory context. In per-server context it applies to the client * authentication process used in the standard SSL handshake when a connection * is established. In per-directory context it forces a SSL renegotiation with * the reconfigured client verification level after the HTTP request was read * but before the HTTP response is sent. *
* The following levels are available for level: *

     * SSL_CVERIFY_NONE           - No client Certificate is required at all
     * SSL_CVERIFY_OPTIONAL       - The client may present a valid Certificate
     * SSL_CVERIFY_REQUIRE        - The client has to present a valid Certificate
     * SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
     *                              but it need not to be (successfully) verifiable
     * 
*
* The depth actually is the maximum number of intermediate certificate issuers, * i.e. the number of CA certificates which are max allowed to be followed while * verifying the client certificate. A depth of 0 means that self-signed client * certificates are accepted only, the default depth of 1 means the client * certificate can be self-signed or has to be signed by a CA which is directly * known to the server (i.e. the CA's certificate is under * {@code setCACertificatePath}, etc. * * @param ssl the SSL instance (SSL *) * @param level Type of Client Certificate verification. * @param depth Maximum depth of CA Certificates in Client Certificate * verification. */ static native void setSSLVerify0(long ssl, int level, int depth); protected void setSSLVerify(long ssl, int level, int depth) { SSLImpl.setSSLVerify0(ssl, level, depth); } /** * Set OpenSSL Option. * * @param ssl the SSL instance (SSL *) * @param options See SSL.SSL_OP_* for option flags. */ static native void setOptions0(long ssl, int options); protected void setOptions(long ssl, int options) { SSLImpl.setOptions0(ssl, options); } /** * Get OpenSSL Option. * * @param ssl the SSL instance (SSL *) * @return options See SSL.SSL_OP_* for option flags. */ static native int getOptions0(long ssl); protected int getOptions(long ssl) { return SSLImpl.getOptions0(ssl); } /** * Returns all Returns the cipher suites that are available for negotiation in an SSL handshake. * * @param ssl the SSL instance (SSL *) * @return ciphers */ static native String[] getCiphers0(long ssl); protected String[] getCiphers(long ssl) { return SSLImpl.getCiphers0(ssl); } @Override protected boolean setCipherSuites(long ssl, String ciphers) throws Exception { return setCipherSuites0(ssl, ciphers); } /** * Returns the pointer reference to the SSL session. * * @param ssl the SSL instance (SSL *) * * @return the pointer reference to the SSL session */ static native long getSession0(long ssl); @Override protected long getSession(final long ssl) { return SSLImpl.getSession0(ssl); } static native void setSession0(final long ssl, final long session); @Override protected void setSession(final long ssl, final long session) { SSLImpl.setSession0(ssl, session); } /** * Returns the cipher suites available for negotiation in SSL handshake. *
* This complex directive uses a colon-separated cipher-spec string consisting * of OpenSSL cipher specifications to configure the Cipher Suite the client * is permitted to negotiate in the SSL handshake phase. Notice that this * directive can be used both in per-server and per-directory context. * In per-server context it applies to the standard SSL handshake when a * connection is established. In per-directory context it forces a SSL * renegotiation with the reconfigured Cipher Suite after the HTTP request * was read but before the HTTP response is sent. * * @param ssl the SSL instance (SSL *) * @param ciphers an SSL cipher specification */ static native boolean setCipherSuites0(long ssl, String ciphers) throws Exception; /** * Returns the ID of the session as byte array representation. * * @param ssl the SSL instance (SSL *) * @return the session as byte array representation obtained via SSL_SESSION_get_id. */ static native byte[] getSessionId0(long ssl); protected byte[] getSessionId(long ssl) { return SSLImpl.getSessionId0(ssl); } static native long bufferAddress0(ByteBuffer buffer); protected long bufferAddress(ByteBuffer buffer) { return SSLImpl.bufferAddress0(buffer); } @Override protected long makeSSLContext(int protocol, int mode) throws Exception { return makeSSLContext0(protocol, mode); } /** * Create a new SSL context. * * @param protocol The SSL protocol to use. It can be any combination of * the following: *
     *                 {@link SSLImpl#SSL_PROTOCOL_SSLV2}
     *                 {@link SSLImpl#SSL_PROTOCOL_SSLV3}
     *                 {@link SSLImpl#SSL_PROTOCOL_TLSV1}
     *                 {@link SSLImpl#SSL_PROTOCOL_TLSV1_1}
     *                 {@link SSLImpl#SSL_PROTOCOL_TLSV1_2}
     *                 {@link SSLImpl#SSL_PROTOCOL_ALL} ( == all TLS versions, no SSL)
     *                 
* @param mode SSL mode to use *
     *                 SSL_MODE_CLIENT
     *                 SSL_MODE_SERVER
     *                 SSL_MODE_COMBINED
     *                 
* @return The Java representation of a pointer to the newly created SSL * Context * @throws Exception If the SSL Context could not be created */ static native long makeSSLContext0(int protocol, int mode) throws Exception; /** * Free the resources used by the Context * * @param ctx Server or Client context to free. * @return APR Status code. */ static native int freeSSLContext0(long ctx); protected int freeSSLContext(long ctx) { return SSLImpl.freeSSLContext0(ctx); } /** * Set OpenSSL Option. * * @param ctx Server or Client context to use. * @param options See SSL.SSL_OP_* for option flags. */ static native void setSSLContextOptions0(long ctx, int options); protected void setSSLContextOptions(long ctx, int options) { SSLImpl.setSSLContextOptions0(ctx, options); } /** * Clears OpenSSL Options. * * @param ctx Server or Client context to use. * @param options See SSL.SSL_OP_* for option flags. */ static native void clearSSLContextOptions0(long ctx, int options); protected void clearSSLContextOptions(long ctx, int options) { SSLImpl.clearSSLContextOptions0(ctx, options); } /** * Set OpenSSL Option. * * @param ssl Server or Client SSL to use. * @param options See SSL.SSL_OP_* for option flags. */ static native void setSSLOptions0(long ssl, int options); protected void setSSLOptions(long ssl, int options) { SSLImpl.setSSLOptions0(ssl, options); } /** * Clears OpenSSL Options. * * @param ssl Server or Client SSL to use. * @param options See SSL.SSL_OP_* for option flags. */ static native void clearSSLOptions0(long ssl, int options); protected void clearSSLOptions(long ssl, int options) { SSLImpl.clearSSLOptions0(ssl, options); } @Override protected boolean setCipherSuite(long ctx, String ciphers) throws Exception { return setCipherSuite0(ctx, ciphers); } @Override protected boolean setCARevocation(long ctx, String file, String path) throws Exception { return setCARevocation0(ctx, file, path); } @Override protected boolean setCertificate(long ctx, byte[] cert, byte[] key, int idx) throws Exception { return setCertificate0(ctx, cert, key, idx); } /** * Cipher Suite available for negotiation in SSL handshake. *
* This complex directive uses a colon-separated cipher-spec string consisting * of OpenSSL cipher specifications to configure the Cipher Suite the client * is permitted to negotiate in the SSL handshake phase. Notice that this * directive can be used both in per-server and per-directory context. * In per-server context it applies to the standard SSL handshake when a * connection is established. In per-directory context it forces a SSL * renegotiation with the reconfigured Cipher Suite after the HTTP request * was read but before the HTTP response is sent. * * @param ctx Server or Client context to use. * @param ciphers An SSL cipher specification. */ static native boolean setCipherSuite0(long ctx, String ciphers) throws Exception; /** * Set File of concatenated PEM-encoded CA CRLs or * directory of PEM-encoded CA Certificates for Client Auth *
* This directive sets the all-in-one file where you can assemble the * Certificate Revocation Lists (CRL) of Certification Authorities (CA) * whose clients you deal with. These are used for Client Authentication. * Such a file is simply the concatenation of the various PEM-encoded CRL * files, in order of preference. *
* The files in this directory have to be PEM-encoded and are accessed through * hash filenames. So usually you can't just place the Certificate files there: * you also have to create symbolic links named hash-value.N. And you should * always make sure this directory contains the appropriate symbolic links. * Use the Makefile which comes with mod_ssl to accomplish this task. * * @param ctx Server or Client context to use. * @param file File of concatenated PEM-encoded CA CRLs for Client Auth. * @param path Directory of PEM-encoded CA Certificates for Client Auth. */ static native boolean setCARevocation0(long ctx, String file, String path) throws Exception; /** * Set Certificate *
* Point setCertificateFile at a PEM encoded certificate. If * the certificate is encrypted, then you will be prompted for a * pass phrase. Note that a kill -HUP will prompt again. A test * certificate can be generated with `make certificate' under * built time. Keep in mind that if you've both a RSA and a DSA * certificate you can configure both in parallel (to also allow * the use of DSA ciphers, etc.) *
* If the key is not combined with the certificate, use key param * to point at the key file. Keep in mind that if * you've both a RSA and a DSA private key you can configure * both in parallel (to also allow the use of DSA ciphers, etc.) * * @param ctx Server or Client context to use. * @param cert Certificate file. * @param key Private Key file to use if not in cert. * @param idx Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA. */ static native boolean setCertificate0(long ctx, byte[] cert, byte[] key, int idx) throws Exception; /** * Set the size of the internal session cache. * http://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html */ static native long setSessionCacheSize0(long ctx, long size); protected long setSessionCacheSize(long ctx, long size) { return SSLImpl.setSessionCacheSize0(ctx, size); } /** * Get the size of the internal session cache. * http://www.openssl.org/docs/ssl/SSL_CTX_sess_get_cache_size.html */ static native long getSessionCacheSize0(long ctx); protected long getSessionCacheSize(long ctx) { return SSLImpl.getSessionCacheSize0(ctx); } /** * Set the timeout for the internal session cache in seconds. * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html */ static native long setSessionCacheTimeout0(long ctx, long timeoutSeconds); protected long setSessionCacheTimeout(long ctx, long timeoutSeconds) { return SSLImpl.setSessionCacheTimeout0(ctx, timeoutSeconds); } /** * Get the timeout for the internal session cache in seconds. * http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html */ static native long getSessionCacheTimeout0(long ctx); protected long getSessionCacheTimeout(long ctx) { return SSLImpl.getSessionCacheTimeout0(ctx); } /** * Set the mode of the internal session cache and return the previous used mode. */ static native long setSessionCacheMode0(long ctx, long mode); protected long setSessionCacheMode(long ctx, long mode) { return SSLImpl.setSessionCacheMode0(ctx, mode); } /** * Get the mode of the current used internal session cache. */ static native long getSessionCacheMode0(long ctx); protected long getSessionCacheMode(long ctx) { return SSLImpl.getSessionCacheMode0(ctx); } /** * Session resumption statistics methods. * http://www.openssl.org/docs/ssl/SSL_CTX_sess_number.html */ static native long sessionAccept0(long ctx); protected long sessionAccept(long ctx) { return SSLImpl.sessionAccept0(ctx); } static native long sessionAcceptGood0(long ctx); protected long sessionAcceptGood(long ctx) { return SSLImpl.sessionAcceptGood0(ctx); } static native long sessionAcceptRenegotiate0(long ctx); protected long sessionAcceptRenegotiate(long ctx) { return SSLImpl.sessionAcceptRenegotiate0(ctx); } static native long sessionCacheFull0(long ctx); protected long sessionCacheFull(long ctx) { return SSLImpl.sessionCacheFull0(ctx); } static native long sessionCbHits0(long ctx); protected long sessionCbHits(long ctx) { return SSLImpl.sessionCbHits0(ctx); } static native long sessionConnect0(long ctx); protected long sessionConnect(long ctx) { return SSLImpl.sessionConnect0(ctx); } static native long sessionConnectGood0(long ctx); protected long sessionConnectGood(long ctx) { return SSLImpl.sessionConnectGood0(ctx); } static native long sessionConnectRenegotiate0(long ctx); protected long sessionConnectRenegotiate(long ctx) { return SSLImpl.sessionConnectRenegotiate0(ctx); } static native long sessionHits0(long ctx); protected long sessionHits(long ctx) { return SSLImpl.sessionHits0(ctx); } static native long sessionMisses0(long ctx); protected long sessionMisses(long ctx) { return SSLImpl.sessionMisses0(ctx); } static native long sessionNumber0(long ctx); protected long sessionNumber(long ctx) { return SSLImpl.sessionNumber0(ctx); } static native long sessionTimeouts0(long ctx); protected long sessionTimeouts(long ctx) { return SSLImpl.sessionTimeouts0(ctx); } /** * Set TLS session keys. This allows us to share keys across TFEs. */ static native void setSessionTicketKeys0(long ctx, byte[] keys); protected void setSessionTicketKeys(long ctx, byte[] keys) { SSLImpl.setSessionTicketKeys0(ctx, keys); } /** * invalidates the current SSL session */ static native void invalidateSession0(long ctx); protected void invalidateSession(long ctx) { SSLImpl.invalidateSession0(ctx); } static native void registerSessionContext0(long context, OpenSSLServerSessionContext openSSLServerSessionContext); protected void registerSessionContext(long context, OpenSSLServerSessionContext openSSLServerSessionContext) { SSLImpl.registerSessionContext0(context, openSSLServerSessionContext); } /** * Allow to hook {@link CertificateVerifier} into the handshake processing. * This will call {@code SSL_CTX_set_cert_verify_callback} and so replace the default verification * callback used by openssl * * @param ctx Server or Client context to use. * @param verifier the verifier to call during handshake. */ static native void setCertVerifyCallback0(long ctx, CertificateVerifier verifier); protected void setCertVerifyCallback(long ctx, CertificateVerifier verifier) { SSLImpl.setCertVerifyCallback0(ctx, verifier); } /** * Set application layer protocol for application layer protocol negotiation extension. *

* This should only be called by the client. * * @param ssl SSL Engine to use * @param alpnProtos protocols in priority order */ static native void setAlpnProtos0(long ssl, String[] alpnProtos); protected void setAlpnProtos(long ssl, String[] alpnProtos) { SSLImpl.setAlpnProtos0(ssl, alpnProtos); } /** * Sets the server ALPN callback for a spcific engine * * @param ssl The SSL engine * @param callback the callbackto use */ static native void setServerALPNCallback0(long ssl, ServerALPNCallback callback); protected void setServerALPNCallback(long ssl, ServerALPNCallback callback) { SSLImpl.setServerALPNCallback0(ssl, callback); } /** * Set the context within which session be reused (server side only) * http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html * * @param ctx Server context to use. * @param sidCtx can be any kind of binary data, it is therefore possible to use e.g. the name * of the application and/or the hostname and/or service name * @return {@code true} if success, {@code false} otherwise. */ static native boolean setSessionIdContext0(long ctx, byte[] sidCtx); protected boolean setSessionIdContext(long ctx, byte[] sidCtx) { return SSLImpl.setSessionIdContext0(ctx, sidCtx); } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy