OpenSSLServerSocketImpl.javaAPI DocAndroid 1.5 API10457Wed May 06 22:41:06 BST 2009org.apache.harmony.xnet.provider.jsse

OpenSSLServerSocketImpl

public class OpenSSLServerSocketImpl extends SSLServerSocket
OpenSSL-based implementation of server sockets. This class only supports SSLv3 and TLSv1; both are obsolete by current standards (SSLv3 is formally deprecated by RFC 7568), so deployments should prefer a provider offering newer TLS versions where one is available. The protocol support should also be documented elsewhere, for example in package.html or a separate reference document.

Fields Summary
private int
ssl_ctx
private boolean
client_mode
private long
ssl_op_no
private SSLParameters
sslParameters
private static final String[]
supportedProtocols
private static long
SSL_OP_NO_SSLv3
See the OpenSSL ssl.h header file for more information.
private static long
SSL_OP_NO_TLSv1
private static int
SSL_VERIFY_NONE
See the OpenSSL ssl.h header file for more information.
private static int
SSL_VERIFY_PEER
private static int
SSL_VERIFY_FAIL_IF_NO_PEER_CERT
private static int
SSL_VERIFY_CLIENT_ONCE
Constructors Summary
/**
 * Creates an unbound SSL server socket. The native SSL context and the
 * server credential are set up immediately by {@link #init()}, so a
 * misconfigured key manager fails here rather than at the first accept().
 *
 * @param sslParameters key manager, client-auth and session settings the
 *        accepted sockets will be created with
 * @throws IOException if the native context cannot be initialised
 */
protected OpenSSLServerSocketImpl(SSLParameters sslParameters) throws IOException {
    super();
    this.sslParameters = sslParameters;
    init();
}
/**
 * Creates an SSL server socket bound to {@code port}. The native SSL
 * context and the server credential are set up immediately by
 * {@link #init()}.
 *
 * NOTE(review): if init() throws after super(port) has bound the port, the
 * bound socket is released only when finalize() runs — confirm callers are
 * happy with that.
 *
 * @param port local port to listen on (0 picks a free port)
 * @param sslParameters key manager, client-auth and session settings the
 *        accepted sockets will be created with
 * @throws IOException if the port cannot be bound or the native context
 *         cannot be initialised
 */
protected OpenSSLServerSocketImpl(int port, SSLParameters sslParameters) throws IOException {
    super(port);
    this.sslParameters = sslParameters;
    init();
}
/**
 * Creates an SSL server socket bound to {@code port} with the given accept
 * backlog. The native SSL context and the server credential are set up
 * immediately by {@link #init()}.
 *
 * NOTE(review): if init() throws after super(port, backlog) has bound the
 * port, the bound socket is released only when finalize() runs.
 *
 * @param port local port to listen on (0 picks a free port)
 * @param backlog maximum length of the pending-connection queue
 * @param sslParameters key manager, client-auth and session settings the
 *        accepted sockets will be created with
 * @throws IOException if the port cannot be bound or the native context
 *         cannot be initialised
 */
protected OpenSSLServerSocketImpl(int port, int backlog, SSLParameters sslParameters) throws IOException {
    super(port, backlog);
    this.sslParameters = sslParameters;
    init();
}
/**
 * Creates an SSL server socket bound to {@code iAddress}:{@code port} with
 * the given accept backlog. The native SSL context and the server credential
 * are set up immediately by {@link #init()}.
 *
 * NOTE(review): if init() throws after the port has been bound, the bound
 * socket is released only when finalize() runs.
 *
 * @param port local port to listen on (0 picks a free port)
 * @param backlog maximum length of the pending-connection queue
 * @param iAddress local address to bind to
 * @param sslParameters key manager, client-auth and session settings the
 *        accepted sockets will be created with
 * @throws IOException if the address cannot be bound or the native context
 *         cannot be initialised
 */
protected OpenSSLServerSocketImpl(int port, int backlog, InetAddress iAddress, SSLParameters sslParameters) throws IOException {
    super(port, backlog, iAddress);
    this.sslParameters = sslParameters;
    init();
}
Methods Summary
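/**
 * Accepts the next incoming connection and wraps it in an
 * {@link OpenSSLSocketImpl} that shares this server socket's native SSL
 * context, enabled-protocol mask ({@code ssl_op_no}) and client-mode flag.
 *
 * If the SSL side of the socket cannot be set up after the TCP accept has
 * succeeded, the accepted socket is closed before the exception propagates,
 * so a failed handshake setup does not leak a file descriptor.
 *
 * NOTE(review): the {@code client_mode} field is what gets passed here, but
 * setUseClientMode() only updates sslParameters — nothing visible in this
 * class assigns client_mode. Confirm which of the two the native layer
 * honours.
 *
 * @return the accepted SSL socket
 * @throws IOException if the underlying accept fails or the SSL setup of the
 *         accepted socket fails
 */
public java.net.Socket accept() throws IOException {
    OpenSSLSocketImpl socket = new OpenSSLSocketImpl(sslParameters, ssl_op_no);
    try {
        implAccept(socket);
        socket.accept(ssl_ctx, client_mode);
    } catch (IOException e) {
        // The TCP connection may already be open at this point; do not
        // leave it dangling until the finalizer runs.
        try {
            socket.close();
        } catch (IOException ignored) {
            // The original failure is the one worth reporting.
        }
        throw e;
    }
    return socket;
}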
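/**
 * Frees the native OpenSSL objects and closes the underlying server socket.
 *
 * The method is idempotent: once the socket is closed a second call does
 * nothing, so {@code nativefree()} can never run twice on the same context.
 * {@code super.close()} runs even if the native free throws, so the
 * listening port is always released.
 *
 * NOTE(review): sockets already returned by accept() were handed
 * {@code ssl_ctx}; whether they remain usable after this free is not visible
 * here — confirm in OpenSSLSocketImpl / the native code.
 *
 * @throws IOException if closing the underlying server socket fails
 */
public synchronized void close() throws IOException {
    if (isClosed()) {
        return;
    }
    try {
        nativefree();
    } finally {
        super.close();
    }
}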
/**
 * Last-resort cleanup: releases the native objects and unbinds the port via
 * {@link #close()} if the socket was never closed explicitly. Relying on
 * this is fragile (GC timing is unpredictable); callers should close().
 *
 * @throws IOException if close() fails
 */
protected void finalize() throws IOException {
    if (isClosed()) {
        return;
    }
    close();
}
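/**
 * Checks that {@code suite} is one of the cipher suite names the linked
 * OpenSSL library supports.
 *
 * This is the only thing standing between caller-supplied strings and the
 * OpenSSL cipher-list string built by setEnabledCipherSuites(): because a
 * name must match a supported suite exactly, cipher-list control syntax
 * ({@code ALL}, {@code !aNULL}, {@code @STRENGTH}, colons, ...) cannot be
 * smuggled into the native call.
 *
 * @param suite cipher suite name to validate
 * @return {@code true} if the suite is supported (the method never returns
 *         {@code false}; it throws instead)
 * @throws IllegalArgumentException if the suite is not supported
 */
private boolean findSuite(String suite) {
    String[] supportedCipherSuites = nativegetsupportedciphersuites();
    for (String supported : supportedCipherSuites) {
        if (supported.equals(suite)) {
            return true;
        }
    }
    // The original message said "Protocol", which misreports the problem.
    throw new IllegalArgumentException("Cipher suite " + suite +
    " is not supported.");
}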
/**
 * Reports whether new SSL sessions may be created on accepted sockets; the
 * value is read from the shared {@code sslParameters}, not from the native
 * context.
 *
 * @return {@code true} if session creation is enabled
 */
public boolean getEnableSessionCreation() {
    boolean enabled = sslParameters.getEnableSessionCreation();
    return enabled;
}
/**
 * Returns the cipher suites currently enabled on the native context, as
 * reported by OpenSSL itself (so it reflects whatever
 * setEnabledCipherSuites() last pushed down, or the native default).
 *
 * @return array of enabled cipher suite names
 */
public String[] getEnabledCipherSuites() {
    String[] enabled = nativegetenabledciphersuites();
    return enabled;
}
/**
 * Returns the names of the protocol versions currently enabled on this
 * server socket, derived from the {@code ssl_op_no} mask that
 * setEnabledProtocols() maintains: a version is enabled when its
 * SSL_OP_NO_* bit is clear.
 *
 * NOTE(review): indices 1 and 2 of {@code supportedProtocols} are assumed to
 * be "SSLv3" and "TLSv1" — confirm against the array's initialiser, which is
 * not shown here. Before setEnabledProtocols() is ever called
 * {@code ssl_op_no} is 0, so both are reported enabled; whether that
 * matches the native default is also not visible here.
 *
 * @return array of enabled protocol names
 */
public String[] getEnabledProtocols() {
    boolean sslv3Enabled = (ssl_op_no & SSL_OP_NO_SSLv3) == 0L;
    boolean tlsv1Enabled = (ssl_op_no & SSL_OP_NO_TLSv1) == 0L;

    ArrayList<String> enabled = new ArrayList<String>(2);
    if (sslv3Enabled) {
        enabled.add(supportedProtocols[1]);
    }
    if (tlsv1Enabled) {
        enabled.add(supportedProtocols[2]);
    }
    return enabled.toArray(new String[enabled.size()]);
}
/**
 * Reports whether client authentication is required, as recorded in the
 * shared {@code sslParameters}.
 *
 * @return {@code true} if a client certificate is required
 */
public boolean getNeedClientAuth() {
    boolean need = sslParameters.getNeedClientAuth();
    return need;
}
/**
 * Returns every cipher suite the linked OpenSSL library offers. This is the
 * reference list setEnabledCipherSuites() validates against.
 *
 * @return array of supported cipher suite names
 */
public String[] getSupportedCipherSuites() {
    String[] supported = nativegetsupportedciphersuites();
    return supported;
}
/**
 * Returns the names of the protocol versions this implementation can be
 * configured with. A fresh copy is returned so callers cannot modify the
 * shared {@code supportedProtocols} array.
 *
 * @return array of supported protocol names
 */
public String[] getSupportedProtocols() {
    String[] copy = new String[supportedProtocols.length];
    System.arraycopy(supportedProtocols, 0, copy, 0, supportedProtocols.length);
    return copy;
}
/**
 * Reports the client-mode flag stored in the shared {@code sslParameters}.
 *
 * NOTE(review): accept() passes the separate {@code client_mode} field to the
 * accepted socket, so this getter and what accept() uses may diverge —
 * confirm where client_mode is assigned.
 *
 * @return {@code true} if the parameters say client mode
 */
public boolean getUseClientMode() {
    boolean clientMode = sslParameters.getUseClientMode();
    return clientMode;
}
/**
 * Reports whether a client certificate is requested but not required, as
 * recorded in the shared {@code sslParameters}.
 *
 * @return {@code true} if client authentication is wanted
 */
public boolean getWantClientAuth() {
    boolean want = sslParameters.getWantClientAuth();
    return want;
}
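/**
 * Initialises the native SSL context for this server socket: picks the RSA
 * server credential from the configured key manager, serialises its private
 * key and certificate chain to PEM, and hands them — plus an optional seed
 * for OpenSSL's PRNG — to the native layer.
 *
 * Security notes:
 * <ul>
 * <li>The private key crosses the JNI boundary as a Java String (and sits in
 *     a ByteArrayOutputStream before that). Neither can be zeroed, so the key
 *     material lingers on the Java heap until garbage collected.</li>
 * <li>Only an "RSA" server alias is requested, so a key manager holding only
 *     DSA/EC credentials is rejected with an IOException.</li>
 * <li>NOTE(review): this method does not call setClientAuth(), so the
 *     need/wantClientAuth values already present in sslParameters are not
 *     pushed to the native context here — confirm that nativeinit() or the
 *     accepted OpenSSLSocketImpl applies them.</li>
 * <li>NOTE(review): generateSeed(1024) may block while the SecureRandom
 *     gathers entropy — confirm this is acceptable at construction time.</li>
 * </ul>
 *
 * @throws IOException if the key manager yields no usable alias, private key
 *         or certificate chain, or if PEM serialisation fails
 */
private void init() throws IOException {
    nativeinitstatic();

    String alias = sslParameters.getKeyManager().chooseServerAlias("RSA", null, null);
    if (alias == null) {
        throw new IOException("No suitable certificates found");
    }

    PrivateKey privateKey = sslParameters.getKeyManager().getPrivateKey(alias);
    X509Certificate[] certificates = sslParameters.getKeyManager().getCertificateChain(alias);
    // Both lookups may return null for an alias that is no longer usable;
    // without these checks the PEM writers below would throw a NullPointerException.
    if (privateKey == null) {
        throw new IOException("No private key available for alias " + alias);
    }
    if (certificates == null || certificates.length == 0) {
        throw new IOException("No certificate chain available for alias " + alias);
    }

    String privateKeyPem = toPem(new Object[] { privateKey });
    String certificateChainPem = toPem(certificates);

    SecureRandom random = sslParameters.getSecureRandomMember();
    byte[] seed = random != null ? random.generateSeed(1024) : null;
    nativeinit(privateKeyPem, certificateChainPem, seed);
}

/**
 * Serialises the given objects as consecutive PEM blocks in one string.
 * PEM is ASCII, so the platform charset used by OutputStreamWriter and
 * ByteArrayOutputStream.toString() does not affect the result.
 *
 * @param objects keys or certificates the PEMWriter knows how to encode
 * @return the concatenated PEM text
 * @throws IOException if encoding fails
 */
private static String toPem(Object[] objects) throws IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    PEMWriter writer = new PEMWriter(new OutputStreamWriter(out));
    try {
        for (Object object : objects) {
            writer.writeObject(object);
        }
    } finally {
        // close() also flushes; without it the buffer would be incomplete.
        writer.close();
    }
    return out.toString();
}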
/** Removes this socket's OpenSSL objects from memory; called from close(). */
private native void nativefree();

/** Calls native OpenSSL functions to get the ciphers currently enabled on the context. */
private native String[] nativegetenabledciphersuites();

/**
 * Gets all available ciphers from the current OpenSSL library. Static because
 * OpenSSLServerSocketFactory needs it too, before any socket exists.
 */
static native String[] nativegetsupportedciphersuites();

/**
 * Creates the native context from the PEM-encoded private key and certificate
 * chain produced by init(); {@code seed}, when non-null, is passed along to
 * seed OpenSSL's PRNG.
 * NOTE(review): the private key arrives as an immutable Java String that
 * cannot be zeroed after use.
 */
private native void nativeinit(String privatekey, String certificate, byte[] seed);

/** Static native initialisation; invoked at the start of init(). */
private static native void nativeinitstatic();

/** Calls the SSL_CTX_set_verify(...) OpenSSL function with the passed SSL_VERIFY_* flag combination. */
private native void nativesetclientauth(int value);

/**
 * Calls the SSL_CTX_set_cipher_list(...) OpenSSL function with the passed
 * colon-separated cipher list. Callers must validate every name first, since
 * the string is interpreted as OpenSSL cipher-list syntax.
 */
private native void nativesetenabledciphersuites(String controlString);

/** Passes the SSL_OP_NO_* bit mask maintained by setEnabledProtocols() to the native context. */
private native void nativesetenabledprotocols(long l);
/**
 * Pushes the client-authentication policy recorded in {@code sslParameters}
 * into the native context via SSL_CTX_set_verify. "Need" takes precedence
 * over "want": need requests the peer certificate and, per the OpenSSL flag
 * name, fails the handshake if none is presented; want only requests it;
 * otherwise the peer is not asked for a certificate at all.
 *
 * NOTE(review): nothing in this class hands a trust store or trust manager to
 * the native side, so where a presented client certificate is actually
 * verified is not visible here — confirm before relying on "need" as an
 * authentication control.
 */
private void setClientAuth() {
    int verifyMode = SSL_VERIFY_NONE;

    boolean need = sslParameters.getNeedClientAuth();
    boolean want = sslParameters.getWantClientAuth();
    if (need) {
        verifyMode |= SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_CLIENT_ONCE;
    } else if (want) {
        verifyMode |= SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
    }

    nativesetclientauth(verifyMode);
}
/**
 * Records whether new SSL sessions may be created. The value is stored in the
 * shared {@code sslParameters} only; nothing is pushed to the native context
 * here.
 *
 * @param flag {@code true} to allow session creation
 */
public void setEnableSessionCreation(boolean flag) {
    boolean enable = flag;
    sslParameters.setEnableSessionCreation(enable);
}
/**
 * Enables exactly the given cipher suites on the native context.
 *
 * Every name is validated against getSupportedCipherSuites() via findSuite()
 * before the list is assembled, which is what keeps OpenSSL cipher-list
 * control syntax (e.g. {@code ALL}, {@code !aNULL}, {@code @STRENGTH}) out
 * of the string handed to SSL_CTX_set_cipher_list. Validation happens during
 * assembly, so an unsupported name aborts before the native call is made.
 *
 * NOTE(review): an empty array produces an empty cipher-list string; how the
 * native side treats that is not visible here — confirm.
 *
 * @param suites the names of all the cipher suites to enable
 * @throws IllegalArgumentException when one or more of the ciphers in array
 *         suites are not supported, or when the array is null.
 */
public void setEnabledCipherSuites(String[] suites) {
    if (suites == null) {
        throw new IllegalArgumentException("Provided parameter is null");
    }
    StringBuilder controlString = new StringBuilder();
    for (int index = 0; index < suites.length; index++) {
        String suite = suites[index];
        findSuite(suite);
        if (index > 0) {
            controlString.append(':');
        }
        controlString.append(suite);
    }
    nativesetenabledciphersuites(controlString.toString());
}
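/**
 * Enables exactly the given protocol versions, out of those listed by
 * getSupportedProtocols() ("SSLv3" and "TLSv1").
 *
 * The enabled set is expressed as an SSL_OP_NO_* mask: every version starts
 * disabled and the bit for each requested name is cleared. The bit is cleared
 * with {@code &= ~} rather than toggled with {@code ^=}; with XOR, listing
 * the same protocol twice (for example {"TLSv1", "TLSv1"}) silently
 * re-disabled it. The field and the native context are only updated after
 * the whole array has been validated, so a rejected name leaves the previous
 * configuration in place.
 *
 * Security note: enabling "SSLv3" is strongly discouraged; it is obsolete
 * and formally deprecated (RFC 7568). Passing an empty array disables both
 * versions, leaving the socket unable to complete any handshake.
 *
 * @param protocols names of all the protocols to enable.
 * @throws IllegalArgumentException when one or more of the names in the
 *         array are not supported (including null elements), or when the
 *         array is null.
 */
public void setEnabledProtocols(String[] protocols) {
    if (protocols == null) {
        throw new IllegalArgumentException("Provided parameter is null");
    }

    long disabled = SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1;
    for (String protocol : protocols) {
        if ("SSLv3".equals(protocol)) {
            disabled &= ~SSL_OP_NO_SSLv3;
        } else if ("TLSv1".equals(protocol)) {
            disabled &= ~SSL_OP_NO_TLSv1;
        } else {
            throw new IllegalArgumentException("Protocol " + protocol +
            " is not supported.");
        }
    }

    // Commit only after validation succeeded for every entry.
    ssl_op_no = disabled;
    nativesetenabledprotocols(ssl_op_no);
}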
/**
 * Requires (or stops requiring) a client certificate. The value is recorded
 * in the shared {@code sslParameters} and immediately applied to the native
 * context through setClientAuth(); whether wantClientAuth is also set does
 * not matter, because "need" takes precedence there.
 *
 * @param need {@code true} to require client authentication
 */
public void setNeedClientAuth(boolean need) {
    boolean require = need;
    sslParameters.setNeedClientAuth(require);
    setClientAuth();
}
/**
 * Records the client-mode flag in the shared {@code sslParameters}.
 *
 * NOTE(review): this does not touch the {@code client_mode} field that
 * accept() passes to each accepted socket, so the two may disagree — confirm
 * which one the native layer honours.
 *
 * @param mode {@code true} for client mode
 */
public void setUseClientMode(boolean mode) {
    boolean clientMode = mode;
    sslParameters.setUseClientMode(clientMode);
}
public voidsetWantClientAuth(boolean want)

        sslParameters.setWantClientAuth(want);
        setClientAuth();