Class SSL


  • public final class SSL
    extends java.lang.Object
    SSL
    • Constructor Detail

      • SSL

        public SSL()
    • Method Detail

      • version

        public static int version()
      • versionString

        public static java.lang.String versionString()
      • initialize

        public static int initialize(java.lang.String engine)
        Initialize OpenSSL support. This function needs to be called once for the lifetime of the JVM. Library.init() has to be called before.
        Parameters:
        engine - Support for an external Crypto Device ("engine"), usually a hardware accelerator card for crypto operations.
        Returns:
        APR status code
      • fipsModeSet

        public static int fipsModeSet(int mode)
        Enable/Disable FIPS Mode.
        Parameters:
        mode - 1 - enable, 0 - disable
        Returns:
        FIPS_mode_set return code
      • randLoad

        public static boolean randLoad(java.lang.String filename)
        Add the content of the file to the PRNG.
        Parameters:
        filename - Filename containing random data. If null, the default file is tried. The seed file is $RANDFILE if that environment variable is set, $HOME/.rnd otherwise. If neither file is available, the built-in random seed generator is used.
      • randSave

        public static boolean randSave(java.lang.String filename)
        Writes a number of random bytes (currently 1024) to the file filename, which can be used to initialize the PRNG by calling randLoad in a later session.
        Parameters:
        filename - Filename to save the data
      • randMake

        public static boolean randMake(java.lang.String filename,
                                       int len,
                                       boolean base64)
        Creates random data and writes it to filename.
        Parameters:
        filename - Filename to save the data
        len - The length of random sequence in bytes
        base64 - Output the data in Base64 encoded format
      • randSet

        public static void randSet(java.lang.String filename)
        Sets the global random filename.
        Parameters:
        filename - Filename to use. If set, it is used for SSL initialization and for all contexts where one is not explicitly set.
      • newBIO

        public static long newBIO(long pool,
                                  BIOCallback callback)
                           throws java.lang.Exception
        Initialize new BIO
        Parameters:
        pool - The pool to use.
        callback - BIOCallback to use
        Returns:
        New BIO handle
        Throws:
        java.lang.Exception
      • closeBIO

        public static int closeBIO(long bio)
        Close BIO and dereference callback object
        Parameters:
        bio - BIO to close and destroy.
        Returns:
        APR Status code
      • setPasswordCallback

        public static void setPasswordCallback(PasswordCallback callback)
        Set global Password callback for obtaining passwords.
        Parameters:
        callback - PasswordCallback implementation to use.
      • setPassword

        public static void setPassword(java.lang.String password)
        Set global Password for decrypting certificates and keys.
        Parameters:
        password - Password to use.
      • generateRSATempKey

        public static boolean generateRSATempKey(int idx)
        Generate temporary RSA key.
        Index can be one of:
         SSL_TMP_KEY_RSA_512
         SSL_TMP_KEY_RSA_1024
         SSL_TMP_KEY_RSA_2048
         SSL_TMP_KEY_RSA_4096
         
        By default, 512- and 1024-bit keys are generated on startup. You can use a low-priority thread to generate them on the fly.
        Parameters:
        idx - temporary key index.
      • loadDSATempKey

        public static boolean loadDSATempKey(int idx,
                                             java.lang.String file)
        Load temporary DSA key from file
        Index can be one of:
         SSL_TMP_KEY_DH_512
         SSL_TMP_KEY_DH_1024
         SSL_TMP_KEY_DH_2048
         SSL_TMP_KEY_DH_4096
         
        Parameters:
        idx - temporary key index.
        file - File containing DH params.
      • getLastError

        public static java.lang.String getLastError()
        Return last SSL error string
      • hasOp

        public static boolean hasOp(int op)
        Return true if all the requested SSL_OP_* flags are supported by OpenSSL. Note that for versions of tcnative < 1.1.25, this method returns true if and only if op == SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION and tcnative supports that flag.
        Parameters:
        op - Bitwise-OR of all SSL_OP_* to test.
        Returns:
        true if all SSL_OP_* are supported by OpenSSL library.
      • newSSL

        public static long newSSL(long ctx,
                                  boolean server)
        SSL_new
        Parameters:
        ctx - Server or Client context to use.
        server - if true, configure the SSL instance to use the accept handshake routines; if false, configure it to use the connect handshake routines.
        Returns:
        pointer to SSL instance (SSL *)
      • setBIO

        public static void setBIO(long ssl,
                                  long rbio,
                                  long wbio)
        SSL_set_bio
        Parameters:
        ssl - SSL pointer (SSL *)
        rbio - read BIO pointer (BIO *)
        wbio - write BIO pointer (BIO *)
      • getError

        public static int getError(long ssl,
                                   int ret)
        SSL_get_error
        Parameters:
        ssl - SSL pointer (SSL *)
        ret - TLS/SSL I/O return value
      • pendingWrittenBytesInBIO

        public static int pendingWrittenBytesInBIO(long bio)
        BIO_ctrl_pending
        Parameters:
        bio - BIO pointer (BIO *)
        Returns:
      • pendingReadableBytesInSSL

        public static int pendingReadableBytesInSSL(long ssl)
        SSL_pending
        Parameters:
        ssl - SSL pointer (SSL *)
        Returns:
      • writeToBIO

        public static int writeToBIO(long bio,
                                     long wbuf,
                                     int wlen)
        BIO_write
        Parameters:
        bio -
        wbuf -
        wlen -
        Returns:
      • readFromBIO

        public static int readFromBIO(long bio,
                                      long rbuf,
                                      int rlen)
        BIO_read
        Parameters:
        bio -
        rbuf -
        rlen -
        Returns:
      • writeToSSL

        public static int writeToSSL(long ssl,
                                     long wbuf,
                                     int wlen)
        SSL_write
        Parameters:
        ssl - the SSL instance (SSL *)
        wbuf -
        wlen -
        Returns:
      • readFromSSL

        public static int readFromSSL(long ssl,
                                      long rbuf,
                                      int rlen)
        SSL_read
        Parameters:
        ssl - the SSL instance (SSL *)
        rbuf -
        rlen -
        Returns:
      • getShutdown

        public static int getShutdown(long ssl)
        SSL_get_shutdown
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
      • setShutdown

        public static void setShutdown(long ssl,
                                       int mode)
        SSL_set_shutdown
        Parameters:
        ssl - the SSL instance (SSL *)
        mode -
      • freeSSL

        public static void freeSSL(long ssl)
        SSL_free
        Parameters:
        ssl - the SSL instance (SSL *)
      • makeNetworkBIO

        public static long makeNetworkBIO(long ssl)
        Wire up internal and network BIOs for the given SSL instance. Warning: you must explicitly free this resource by calling freeBIO. While the SSL's internal/application data BIO is freed when freeSSL is called on the provided SSL instance, you must call freeBIO on the returned network BIO yourself.
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
        pointer to the Network BIO (BIO *)
      • freeBIO

        public static void freeBIO(long bio)
        BIO_free
        Parameters:
        bio -
      • flushBIO

        public static void flushBIO(long bio)
        BIO_flush
        Parameters:
        bio -
      • shutdownSSL

        public static int shutdownSSL(long ssl)
        SSL_shutdown
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
      • getLastErrorNumber

        public static int getLastErrorNumber()
        Get the error number representing the last error OpenSSL encountered on this thread.
        Returns:
      • getCipherForSSL

        public static java.lang.String getCipherForSSL(long ssl)
        SSL_get_cipher
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
      • doHandshake

        public static int doHandshake(long ssl)
        SSL_do_handshake
        Parameters:
        ssl - the SSL instance (SSL *)
      • isInInit

        public static int isInInit(long SSL)
        SSL_in_init
        Parameters:
        SSL -
        Returns:
      • getNextProtoNegotiated

        public static java.lang.String getNextProtoNegotiated(long ssl)
        SSL_get0_next_proto_negotiated
        Parameters:
        ssl - the SSL instance (SSL *)
        Returns:
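The BIO-pair handshake loop that the methods above (newSSL, makeNetworkBIO, doHandshake, getError, pendingWrittenBytesInBIO, readFromBIO, writeToBIO, freeBIO, freeSSL) are meant to be combined into, written here as an added example; it is not part of this Javadoc or of Tomcat Native itself. It assumes an already-created context handle ctx, the org.apache.tomcat.jni.Buffer.address helper for obtaining a direct buffer's native address, and a caller-supplied Transport interface (hypothetical) that moves raw TLS records to and from the peer.

```java
import java.nio.ByteBuffer;
import org.apache.tomcat.jni.Buffer;   // assumed: Buffer.address(ByteBuffer) returns the native address
import org.apache.tomcat.jni.SSL;

public final class BioHandshake {
    /** Hypothetical transport: the caller moves raw TLS records to and from the peer. */
    public interface Transport {
        void send(byte[] records) throws Exception;
        byte[] receive() throws Exception;          // blocks until the peer sends something
    }

    /** Runs the handshake for a fresh SSL on ctx; returns the negotiated cipher name. */
    public static String handshake(long ctx, boolean server, Transport net) throws Exception {
        long ssl = SSL.newSSL(ctx, server);
        long netBio = SSL.makeNetworkBIO(ssl);      // owned by us, not by ssl (see the Javadoc warning)
        ByteBuffer buf = ByteBuffer.allocateDirect(16 * 1024);
        long addr = Buffer.address(buf);            // BIO calls take a raw address, not a ByteBuffer
        try {
            while (true) {
                int ret = SSL.doHandshake(ssl);
                int err = SSL.getError(ssl, ret);   // read immediately, before any other OpenSSL call
                flush(netBio, buf, addr, net);      // send whatever this step produced, even on error
                if (ret == 1) return SSL.getCipherForSSL(ssl); // suite name only; peer trust is a ctx setting
                if (err == SSL.SSL_ERROR_WANT_READ) {
                    byte[] in = net.receive();
                    for (int off = 0; off < in.length; ) {  // feed the records into the network BIO
                        int n = Math.min(in.length - off, buf.capacity());
                        buf.clear(); buf.put(in, off, n);
                        int w = SSL.writeToBIO(netBio, addr, n);
                        if (w <= 0) throw new IllegalStateException("BIO_write failed: " + SSL.getLastError());
                        off += w;
                    }
                } else if (err != SSL.SSL_ERROR_WANT_WRITE) {
                    throw new IllegalStateException("handshake failed: " + SSL.getLastError());
                }
            }
        } finally {
            SSL.freeSSL(ssl);       // frees the internal BIO only
            SSL.freeBIO(netBio);    // the network BIO must be freed explicitly
        }
    }

    /** Drains everything OpenSSL queued in the network BIO out to the transport. */
    private static void flush(long bio, ByteBuffer buf, long addr, Transport net) throws Exception {
        while (SSL.pendingWrittenBytesInBIO(bio) > 0) {
            buf.clear();
            int n = SSL.readFromBIO(bio, addr, buf.capacity());
            if (n <= 0) throw new IllegalStateException("BIO_read failed: " + SSL.getLastError());
            byte[] out = new byte[n]; buf.limit(n); buf.get(out);
            net.send(out);
        }
    }
}
```

The same pump applies after the handshake to writeToSSL/readFromSSL traffic; a non-1 return from doHandshake with an error other than WANT_READ or WANT_WRITE is a failed handshake and the instance should be torn down, not retried.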