Package org.conscrypt

Class SSLParametersImpl

java.lang.Object
org.conscrypt.SSLParametersImpl
All Implemented Interfaces:
Cloneable

final class SSLParametersImpl extends Object implements Cloneable
Instances of this class encapsulate all the information about enabled cipher suites and protocols, the client/server mode of the SSL socket, whether the socket requires or wants client authentication, and whether new SSL sessions may be established by this socket.
  • Field Details

    • defaultX509KeyManager

      private static volatile X509KeyManager defaultX509KeyManager
    • defaultX509TrustManager

      private static volatile X509TrustManager defaultX509TrustManager
    • defaultParameters

      private static volatile SSLParametersImpl defaultParameters
    • clientSessionContext

      private final ClientSessionContext clientSessionContext
    • serverSessionContext

      private final ServerSessionContext serverSessionContext
    • x509KeyManager

      private final X509KeyManager x509KeyManager
    • pskKeyManager

      private final PSKKeyManager pskKeyManager
    • x509TrustManager

      private final X509TrustManager x509TrustManager
    • enabledProtocols

      String[] enabledProtocols
    • isEnabledProtocolsFiltered

      boolean isEnabledProtocolsFiltered
    • enabledCipherSuites

      String[] enabledCipherSuites
    • client_mode

      private boolean client_mode
    • need_client_auth

      private boolean need_client_auth
    • want_client_auth

      private boolean want_client_auth
    • enable_session_creation

      private boolean enable_session_creation
    • endpointIdentificationAlgorithm

      private String endpointIdentificationAlgorithm
    • useCipherSuitesOrder

      private boolean useCipherSuitesOrder
    • sniMatchers

      private Collection<SNIMatcher> sniMatchers
    • algorithmConstraints

      private AlgorithmConstraints algorithmConstraints
    • ctVerificationEnabled

      private boolean ctVerificationEnabled
    • sctExtension

      byte[] sctExtension
    • ocspResponse

      byte[] ocspResponse
    • applicationProtocols

      byte[] applicationProtocols
    • applicationProtocolSelector

      ApplicationProtocolSelectorAdapter applicationProtocolSelector
    • useSessionTickets

      boolean useSessionTickets
    • useSni

      private Boolean useSni
    • channelIdEnabled

      boolean channelIdEnabled
      Whether the TLS Channel ID extension is enabled. This field is server-side only.
    • EMPTY_STRING_ARRAY

      private static final String[] EMPTY_STRING_ARRAY
  • Method Details

    • getDefault

      static SSLParametersImpl getDefault() throws KeyManagementException
      Throws:
      KeyManagementException
    • getSessionContext

      AbstractSessionContext getSessionContext()
      Returns the appropriate session context.
    • getClientSessionContext

      ClientSessionContext getClientSessionContext()
      Returns:
      client session context
    • getX509KeyManager

      X509KeyManager getX509KeyManager()
      Returns:
      X.509 key manager or null for none.
    • getPSKKeyManager

      PSKKeyManager getPSKKeyManager()
      Returns:
      Pre-Shared Key (PSK) key manager or null for none.
    • getX509TrustManager

      X509TrustManager getX509TrustManager()
      Returns:
      X.509 trust manager or null for none.
    • getEnabledCipherSuites

      String[] getEnabledCipherSuites()
      Returns:
      the names of enabled cipher suites
    • setEnabledCipherSuites

      void setEnabledCipherSuites(String[] cipherSuites)
      Sets the enabled cipher suites after filtering through OpenSSL.
    • getEnabledProtocols

      String[] getEnabledProtocols()
      Returns:
      the set of enabled protocols
    • setEnabledProtocols

      void setEnabledProtocols(String[] protocols)
      Sets the list of protocols available for use in the SSL connection.
      Throws:
      IllegalArgumentException - if protocols == null
    • setApplicationProtocols

      void setApplicationProtocols(String[] protocols)
      Sets the list of ALPN protocols.
      Parameters:
      protocols - the list of ALPN protocols
    • getApplicationProtocols

      String[] getApplicationProtocols()
    • setApplicationProtocolSelector

      void setApplicationProtocolSelector(ApplicationProtocolSelectorAdapter applicationProtocolSelector)
      Used for server-mode only. Sets or clears the application-provided ALPN protocol selector. If set, will override the protocol list provided by setApplicationProtocols(String[]).
    • getApplicationProtocolSelector

      ApplicationProtocolSelectorAdapter getApplicationProtocolSelector()
      Returns the application protocol (ALPN) selector for this socket.
    • setUseClientMode

      void setUseClientMode(boolean mode)
      Configures the peer holding these parameters to work in client mode.
      Parameters:
      mode - if the peer is configured to work in client mode
    • getUseClientMode

      boolean getUseClientMode()
      Returns whether these parameters are configured to work in client mode.
    • setNeedClientAuth

      void setNeedClientAuth(boolean need)
      Configures the peer holding these parameters to require client authentication.
    • getNeedClientAuth

      boolean getNeedClientAuth()
      Returns whether the peer holding these parameters is configured to require client authentication.
    • setWantClientAuth

      void setWantClientAuth(boolean want)
      Configures the peer holding these parameters to request (but not require) client authentication.
    • getWantClientAuth

      boolean getWantClientAuth()
      Returns whether the peer holding these parameters is configured to request client authentication.
    • setEnableSessionCreation

      void setEnableSessionCreation(boolean flag)
      Allows or disallows the peer holding these parameters to create new SSL sessions.
    • getEnableSessionCreation

      boolean getEnableSessionCreation()
      Returns whether the peer holding these parameters is allowed to create new SSL sessions.
    • setUseSessionTickets

      void setUseSessionTickets(boolean useSessionTickets)
    • setUseSni

      void setUseSni(boolean flag)
      Sets whether connections using these parameters should use the TLS Server Name Indication (SNI) extension.
    • getUseSni

      boolean getUseSni()
      Returns whether connections using these parameters should use the TLS Server Name Indication (SNI) extension.
    • setCTVerificationEnabled

      void setCTVerificationEnabled(boolean enabled)
      For testing only.
    • setSCTExtension

      void setSCTExtension(byte[] extension)
      For testing only.
    • setOCSPResponse

      void setOCSPResponse(byte[] response)
      For testing only.
    • getOCSPResponse

      byte[] getOCSPResponse()
    • filterFromProtocols

      private static String[] filterFromProtocols(String[] protocols, String obsoleteProtocol)
      Filters obsoleteProtocol out of the given list of protocols to help with app compatibility.
    • filterFromCipherSuites

      private static String[] filterFromCipherSuites(String[] cipherSuites, Set<String> toRemove)
    • isSniEnabledByDefault

      private boolean isSniEnabledByDefault()
      Returns whether Server Name Indication (SNI) is enabled by default for sockets. For more information on SNI, see RFC 6066 section 3.
    • clone

      protected Object clone()
      Returns the clone of this object.
      Overrides:
      clone in class Object
      Returns:
      the clone.
    • cloneWithTrustManager

      SSLParametersImpl cloneWithTrustManager(X509TrustManager newTrustManager)
    • getDefaultX509KeyManager

      private static X509KeyManager getDefaultX509KeyManager() throws KeyManagementException
      Throws:
      KeyManagementException
    • createDefaultX509KeyManager

      private static X509KeyManager createDefaultX509KeyManager() throws KeyManagementException
      Throws:
      KeyManagementException
    • findFirstX509KeyManager

      private static X509KeyManager findFirstX509KeyManager(KeyManager[] kms)
      Finds the first X509KeyManager element in the provided array.
      Returns:
      the first X509KeyManager or null if not found.
    • findFirstPSKKeyManager

      private static PSKKeyManager findFirstPSKKeyManager(KeyManager[] kms)
      Finds the first PSKKeyManager element in the provided array.
      Returns:
      the first PSKKeyManager or null if not found.
    • getDefaultX509TrustManager

      static X509TrustManager getDefaultX509TrustManager() throws KeyManagementException
      Gets the default X.509 trust manager.
      Throws:
      KeyManagementException
    • createDefaultX509TrustManager

      private static X509TrustManager createDefaultX509TrustManager() throws KeyManagementException
      Throws:
      KeyManagementException
    • findFirstX509TrustManager

      private static X509TrustManager findFirstX509TrustManager(TrustManager[] tms)
      Finds the first X509TrustManager element in the provided array.
      Returns:
      the first X509ExtendedTrustManager or X509TrustManager or null if not found.
    • getEndpointIdentificationAlgorithm

      String getEndpointIdentificationAlgorithm()
    • setEndpointIdentificationAlgorithm

      void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
    • getUseCipherSuitesOrder

      boolean getUseCipherSuitesOrder()
    • getSNIMatchers

      Collection<SNIMatcher> getSNIMatchers()
    • setSNIMatchers

      void setSNIMatchers(Collection<SNIMatcher> sniMatchers)
    • getAlgorithmConstraints

      AlgorithmConstraints getAlgorithmConstraints()
    • setAlgorithmConstraints

      void setAlgorithmConstraints(AlgorithmConstraints algorithmConstraints)
    • setUseCipherSuitesOrder

      void setUseCipherSuitesOrder(boolean useCipherSuitesOrder)
    • getDefaultCipherSuites

      private static String[] getDefaultCipherSuites(boolean x509CipherSuitesNeeded, boolean pskCipherSuitesNeeded)
    • isCTVerificationEnabled

      boolean isCTVerificationEnabled(String hostname)
      Check if SCT verification is enforced for a given hostname.
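The class above is package-private, so application code reaches its fields (endpointIdentificationAlgorithm, need_client_auth, useCipherSuitesOrder, enabledProtocols, enabledCipherSuites, client_mode) only through the public javax.net.ssl API. The following is an added example, not Conscrypt's own code: it applies a restrictive client and server configuration through javax.net.ssl.SSLParameters and SSLSocket, and reads the effective settings back so the policy can be checked before a handshake. It assumes the JSSE provider in use maps SSLParameters onto the fields listed on this page; the cipher-suite names it prefers are an assumption and are filtered against the provider's supported list rather than trusted blindly.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Added example (not Conscrypt code). Sets the parameters this page describes
 * via the public API and verifies the result on an unconnected socket.
 */
public final class HardenedTlsParams {

    // Assumption: suites the deployment prefers; any the provider does not
    // support are dropped by intersect() instead of failing the setter.
    private static final String[] PREFERRED_SUITES = {
        "TLS_AES_256_GCM_SHA384",
        "TLS_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    };

    private static final String[] ALLOWED_PROTOCOLS = { "TLSv1.3", "TLSv1.2" };

    private HardenedTlsParams() {}

    /** Configures a not-yet-connected client socket. */
    public static void hardenClient(SSLSocket socket) {
        SSLParameters p = socket.getSSLParameters();
        // endpointIdentificationAlgorithm: when it is null the socket performs
        // no hostname check; "HTTPS" makes the trust manager verify the peer name.
        p.setEndpointIdentificationAlgorithm("HTTPS");
        // enabledProtocols / enabledCipherSuites, limited to what is supported.
        p.setProtocols(intersect(ALLOWED_PROTOCOLS, socket.getSupportedProtocols()));
        p.setCipherSuites(intersect(PREFERRED_SUITES, socket.getSupportedCipherSuites()));
        // useCipherSuitesOrder: honour the local preference order, not the peer's.
        p.setUseCipherSuitesOrder(true);
        socket.setSSLParameters(p);
        socket.setUseClientMode(true);            // client_mode
    }

    /** Configures a server-side socket that must authenticate its clients. */
    public static void hardenServer(SSLSocket socket) {
        socket.setUseClientMode(false);           // client_mode = false
        // need_client_auth: the handshake fails without a client certificate.
        // setWantClientAuth(true) would only request one (want_client_auth).
        socket.setNeedClientAuth(true);
        socket.setEnabledProtocols(intersect(ALLOWED_PROTOCOLS, socket.getSupportedProtocols()));
        socket.setEnabledCipherSuites(intersect(PREFERRED_SUITES, socket.getSupportedCipherSuites()));
    }

    /** Returns the entries of 'wanted' that also occur in 'supported', in wanted's order. */
    static String[] intersect(String[] wanted, String[] supported) {
        Set<String> ok = new HashSet<>(Arrays.asList(supported));
        return Arrays.stream(wanted).filter(ok::contains).toArray(String[]::new);
    }

    /** Reads the effective client settings back and checks them against the policy. */
    public static boolean clientPolicyHolds(SSLSocket socket) {
        SSLParameters p = socket.getSSLParameters();
        if (!"HTTPS".equals(p.getEndpointIdentificationAlgorithm())) return false;
        if (!p.getUseCipherSuitesOrder()) return false;
        Set<String> allowed = new HashSet<>(Arrays.asList(ALLOWED_PROTOCOLS));
        for (String proto : p.getProtocols()) {
            if (!allowed.contains(proto)) return false;   // an obsolete protocol slipped in
        }
        return p.getProtocols().length > 0 && p.getCipherSuites().length > 0;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);   // default key and trust managers, as getDefault() would use
        SSLSocketFactory factory = ctx.getSocketFactory();
        // createSocket() with no arguments yields an unconnected socket, so no network is needed.
        try (SSLSocket s = (SSLSocket) factory.createSocket()) {
            hardenClient(s);
            System.out.println("client policy holds: " + clientPolicyHolds(s));
            System.out.println("enabled protocols:   " + String.join(",", s.getEnabledProtocols()));
            System.out.println("enabled suites:      " + String.join(",", s.getEnabledCipherSuites()));
        }
    }
}
```

The read-back in clientPolicyHolds matters because setEnabledProtocols and setEnabledCipherSuites are filtered by the provider (see setEnabledCipherSuites and filterFromProtocols above): a name the provider does not recognise is silently absent afterwards, so the effective list, not the requested one, is what should be checked and logged.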