/**
 * Hands the protocol negotiated by Conscrypt to the {@code protocolSelector} once the handshake has finished.
 *
 * <p>Any failure raised while reading the negotiated protocol or while notifying the selector is wrapped by
 * {@code toSSLHandshakeException} so that it surfaces as a handshake failure to the caller.
 *
 * @throws SSLException if the protocol cannot be read or the selector rejects it.
 */
private void selectProtocol() throws SSLException {
    try {
        // Conscrypt reports null when nothing was negotiated; the selector then sees an empty offer.
        String negotiated = Conscrypt.getApplicationProtocol(getWrappedEngine());
        List<String> candidates;
        if (negotiated == null) {
            candidates = Collections.<String>emptyList();
        } else {
            candidates = Collections.singletonList(negotiated);
        }
        protocolSelector.select(candidates);
    } catch (Throwable t) {
        throw toSSLHandshakeException(t);
    }
}
}
/**
 * Wraps a Conscrypt {@link SSLEngine}, optionally routing its buffer allocation through Netty's allocator and
 * advertising the given ALPN protocols.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc the Netty allocator handed to the engine when {@code USE_BUFFER_ALLOCATOR} is set.
 * @param protocols the ALPN protocol names to advertise, in preference order.
 */
private ConscryptAlpnSslEngine(SSLEngine engine, ByteBufAllocator alloc, List<String> protocols) {
    super(engine);
    // Memory/performance trade-off. Without an allocator, Conscrypt lazily allocates one direct buffer of
    // maximum packet size to keep JNI calls cheap (triggered the first time the application passes a heap
    // buffer). With an allocator, no internal buffer is created; direct buffers are taken from the allocator
    // on demand.
    if (USE_BUFFER_ALLOCATOR) {
        BufferAllocatorAdapter adapter = new BufferAllocatorAdapter(alloc);
        Conscrypt.setBufferAllocator(engine, adapter);
    }
    // Advertise the supported ALPN protocols on the engine.
    String[] protocolNames = protocols.toArray(new String[protocols.size()]);
    Conscrypt.setApplicationProtocols(engine, protocolNames);
}
/**
 * Returns an upper bound on the number of encrypted bytes produced when wrapping {@code plaintextBytes}
 * spread over {@code numBuffers} buffers, assuming at most one TLS record per buffer.
 *
 * @param plaintextBytes number of plaintext bytes to wrap.
 * @param numBuffers number of source buffers the plaintext is split across.
 * @return the worst-case encrypted output size, saturated at {@link Integer#MAX_VALUE}.
 */
final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
    // One record per buffer is the worst case, so every buffer pays the full seal overhead once.
    long perRecordOverhead = Conscrypt.maxSealOverhead(getWrappedEngine());
    long worstCase = plaintextBytes + perRecordOverhead * numBuffers;
    // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
    return (int) Math.min(Integer.MAX_VALUE, worstCase);
}
/**
 * Switches a Conscrypt {@link SSLSocketFactory} to engine-backed sockets; other factories are left untouched.
 *
 * @param socketFactory the factory to configure.
 */
@Override
public void configureSslSocketFactory(SSLSocketFactory socketFactory) {
    if (!Conscrypt.isConscrypt(socketFactory)) {
        return;
    }
    Conscrypt.setUseEngineSocket(socketFactory, true);
}
}
/**
 * Returns the ALPN protocol negotiated on {@code sslSocket}, reading it through the Conscrypt API when the
 * socket is Conscrypt's and deferring to the platform default otherwise.
 *
 * @param sslSocket the handshaken socket.
 * @return the negotiated protocol name, or {@code null} if none was negotiated.
 */
@Override
public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
    boolean conscryptSocket = Conscrypt.isConscrypt(sslSocket);
    return conscryptSocket
        ? Conscrypt.getApplicationProtocol(sslSocket)
        : super.getSelectedProtocol(sslSocket);
}
/**
 * Configures SNI, session tickets and ALPN on a Conscrypt socket; non-Conscrypt sockets are delegated to the
 * platform default.
 *
 * @param sslSocket the socket to configure before the handshake.
 * @param hostname the server name to send via SNI, or {@code null} to skip SNI and session tickets.
 * @param protocols the protocols to advertise via ALPN, in preference order.
 */
@Override
public void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
    if (!Conscrypt.isConscrypt(sslSocket)) {
        super.configureTlsExtensions(sslSocket, hostname, protocols);
        return;
    }
    // SNI and session tickets are only configured when a server name is known.
    if (hostname != null) {
        Conscrypt.setUseSessionTickets(sslSocket, true);
        Conscrypt.setHostname(sslSocket, hostname);
    }
    // ALPN.
    List<String> alpnNames = Platform.alpnProtocolNames(protocols);
    String[] alpnArray = alpnNames.toArray(new String[alpnNames.size()]);
    Conscrypt.setApplicationProtocols(sslSocket, alpnArray);
}
/**
 * Creates the server-side engine: advertises the negotiator's protocols, installs a handshake listener that
 * runs {@code selectProtocol()} once the handshake completes, and builds the protocol selector.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc the Netty allocator.
 * @param applicationNegotiator supplies the protocol list and the selector factory.
 */
ServerEngine(SSLEngine engine, ByteBufAllocator alloc,
             JdkApplicationProtocolNegotiator applicationNegotiator) {
    super(engine, alloc, applicationNegotiator.protocols());
    // Protocol selection is deferred to handshake completion via Conscrypt's listener callback.
    HandshakeListener onHandshakeDone = new HandshakeListener() {
        @Override
        public void onHandshakeFinished() throws SSLException {
            selectProtocol();
        }
    };
    Conscrypt.setHandshakeListener(engine, onHandshakeDone);
    // LinkedHashSet keeps the negotiator's preference order while removing duplicates.
    LinkedHashSet<String> supported = new LinkedHashSet<String>(applicationNegotiator.protocols());
    protocolSelector = checkNotNull(
            applicationNegotiator.protocolSelectorFactory().newSelector(this, supported),
            "protocolSelector");
}
/**
 * Decrypts from {@code srcs} into {@code dests} using Conscrypt's multi-buffer unwrap.
 *
 * @param srcs the encrypted input buffers.
 * @param dests the plaintext output buffers.
 * @return the engine result for the operation.
 * @throws SSLException if the engine reports a failure.
 */
final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
    SSLEngine delegate = getWrappedEngine();
    return Conscrypt.unwrap(delegate, srcs, dests);
}
/**
 * Applies TLS parameters and ALPN protocols to the engine, using Conscrypt's own ALPN API when the engine is
 * Conscrypt's and the JDK {@link SSLParameters}-based path otherwise.
 *
 * @param sslEngine the engine to configure.
 * @param sslParameters the parameters to apply.
 * @param appProtocols ALPN protocol names in preference order.
 */
@Override
void applyParameters(final SSLEngine sslEngine, final SSLParameters sslParameters,
                     final String[] appProtocols) {
    boolean conscryptEngine = Conscrypt.isConscrypt(sslEngine);
    if (!conscryptEngine) {
        // JDK path: ALPN is carried by the parameters, so it must be set before they are applied.
        H2TlsSupport.setApplicationProtocols(sslParameters, appProtocols);
    }
    sslEngine.setSSLParameters(sslParameters);
    if (conscryptEngine) {
        // Conscrypt path: ALPN is set directly on the engine after the parameters.
        Conscrypt.setApplicationProtocols(sslEngine, appProtocols);
    }
}
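/**
 * Creates a selector for {@code sslEngine}. In client mode the protocols are advertised via ALPN; in server
 * mode a {@link ConscryptApplicationProtocolSelector} is installed to pick from the client's offer.
 *
 * <p>The supplied list is snapshotted rather than stored by reference, so later caller-side mutation cannot
 * change the protocol set this selector negotiates with.
 *
 * @param sslEngine the Conscrypt engine to configure.
 * @param supportedProtocolList ALPN protocols in preference order; {@code null} or empty selects the
 *        defaults {@code h2} and {@code http/1.1}.
 */
public ConscryptALPNSelector(SSLEngine sslEngine, List<String> supportedProtocolList) {
    if (CollectionUtils.isEmpty(supportedProtocolList)) {
        supportedProtocols = new String[] { "h2", "http/1.1" };
    } else {
        // Copy now: the caller keeps its own reference to the list and may mutate it later.
        supportedProtocols = supportedProtocolList.toArray(StringUtils.EMPTY_STRING_ARRAY);
    }
    // Read-only view over the private copy; the protocol set cannot be altered through the list.
    this.supportedProtocolList = Collections.unmodifiableList(Arrays.asList(supportedProtocols));
    this.sslEngine = sslEngine;
    if (sslEngine.getUseClientMode()) {
        Conscrypt.setApplicationProtocols(sslEngine, supportedProtocols);
    } else {
        Conscrypt.setApplicationProtocolSelector(sslEngine, new ConscryptApplicationProtocolSelector());
    }
}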
/**
 * Extracts the {@link X509TrustManager} backing a Conscrypt {@link SSLSocketFactory} by reflection; other
 * factories defer to the platform default.
 *
 * @param sslSocketFactory the factory to inspect.
 * @return the trust manager, or {@code null} if Conscrypt's internal fields could not be read.
 * @throws UnsupportedOperationException if reflection into Conscrypt's internals fails.
 */
@Override
public @Nullable X509TrustManager trustManager(SSLSocketFactory sslSocketFactory) {
    if (!Conscrypt.isConscrypt(sslSocketFactory)) {
        return super.trustManager(sslSocketFactory);
    }
    try {
        // Reaches into org.conscrypt.SSLParametersImpl via the factory's "sslParameters" field.
        Object sslParameters = readFieldOrNull(sslSocketFactory, Object.class, "sslParameters");
        return sslParameters == null
            ? null
            : readFieldOrNull(sslParameters, X509TrustManager.class, "x509TrustManager");
    } catch (Exception e) {
        throw new UnsupportedOperationException(
            "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on Conscrypt", e);
    }
}
/**
 * Creates the client-side engine: advertises the negotiator's protocols, installs a handshake listener that
 * runs {@code selectProtocol()} once the handshake completes, and builds the protocol listener.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc the Netty allocator.
 * @param applicationNegotiator supplies the protocol list and the listener factory.
 */
ClientEngine(SSLEngine engine, ByteBufAllocator alloc,
             JdkApplicationProtocolNegotiator applicationNegotiator) {
    super(engine, alloc, applicationNegotiator.protocols());
    // Protocol selection is deferred to handshake completion via Conscrypt's listener callback.
    HandshakeListener onHandshakeDone = new HandshakeListener() {
        @Override
        public void onHandshakeFinished() throws SSLException {
            selectProtocol();
        }
    };
    Conscrypt.setHandshakeListener(engine, onHandshakeDone);
    List<String> supported = applicationNegotiator.protocols();
    protocolListener = checkNotNull(
            applicationNegotiator.protocolListenerFactory().newListener(this, supported),
            "protocolListener");
}
/**
 * Returns the ALPN protocol negotiated on {@code sslSocket}, reading it through the Conscrypt API when the
 * socket is Conscrypt's and deferring to the platform default otherwise.
 *
 * @param sslSocket the handshaken socket.
 * @return the negotiated protocol name, or {@code null} if none was negotiated.
 */
@Override
public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
    boolean conscryptSocket = Conscrypt.isConscrypt(sslSocket);
    return conscryptSocket
        ? Conscrypt.getApplicationProtocol(sslSocket)
        : super.getSelectedProtocol(sslSocket);
}
/**
 * Configures SNI, session tickets and ALPN on a Conscrypt socket; non-Conscrypt sockets are delegated to the
 * platform default.
 *
 * @param sslSocket the socket to configure before the handshake.
 * @param hostname the server name to send via SNI, or {@code null} to skip SNI and session tickets.
 * @param protocols the protocols to advertise via ALPN, in preference order.
 */
@Override
public void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
    if (!Conscrypt.isConscrypt(sslSocket)) {
        super.configureTlsExtensions(sslSocket, hostname, protocols);
        return;
    }
    // SNI and session tickets are only configured when a server name is known.
    if (hostname != null) {
        Conscrypt.setUseSessionTickets(sslSocket, true);
        Conscrypt.setHostname(sslSocket, hostname);
    }
    // ALPN.
    List<String> alpnNames = Platform.alpnProtocolNames(protocols);
    String[] alpnArray = alpnNames.toArray(new String[alpnNames.size()]);
    Conscrypt.setApplicationProtocols(sslSocket, alpnArray);
}
/**
 * Decrypts from {@code srcs} into {@code dests} using Conscrypt's multi-buffer unwrap.
 *
 * @param srcs the encrypted input buffers.
 * @param dests the plaintext output buffers.
 * @return the engine result for the operation.
 * @throws SSLException if the engine reports a failure.
 */
final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
    SSLEngine delegate = getWrappedEngine();
    return Conscrypt.unwrap(delegate, srcs, dests);
}
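/**
 * Creates a selector for {@code sslEngine}. In client mode the protocols are advertised via ALPN; in server
 * mode a {@link ConscryptApplicationProtocolSelector} is installed to pick from the client's offer.
 *
 * <p>The supplied list is snapshotted rather than stored by reference, so later caller-side mutation cannot
 * change the protocol set this selector negotiates with.
 *
 * @param sslEngine the Conscrypt engine to configure.
 * @param supportedProtocolList ALPN protocols in preference order; {@code null} or empty selects the
 *        defaults {@code h2} and {@code http/1.1}.
 */
public ConscryptALPNSelector(SSLEngine sslEngine, List<String> supportedProtocolList) {
    if (CollectionUtils.isEmpty(supportedProtocolList)) {
        supportedProtocols = new String[] { "h2", "http/1.1" };
    } else {
        // Copy now: the caller keeps its own reference to the list and may mutate it later.
        supportedProtocols = supportedProtocolList.toArray(StringUtils.EMPTY_STRING_ARRAY);
    }
    // Read-only view over the private copy; the protocol set cannot be altered through the list.
    this.supportedProtocolList = Collections.unmodifiableList(Arrays.asList(supportedProtocols));
    this.sslEngine = sslEngine;
    if (sslEngine.getUseClientMode()) {
        Conscrypt.setApplicationProtocols(sslEngine, supportedProtocols);
    } else {
        Conscrypt.setApplicationProtocolSelector(sslEngine, new ConscryptApplicationProtocolSelector());
    }
}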
/**
 * Extracts the {@link X509TrustManager} backing a Conscrypt {@link SSLSocketFactory} by reflection; other
 * factories defer to the platform default.
 *
 * @param sslSocketFactory the factory to inspect.
 * @return the trust manager, or {@code null} if Conscrypt's internal fields could not be read.
 * @throws UnsupportedOperationException if reflection into Conscrypt's internals fails.
 */
@Override
public @Nullable X509TrustManager trustManager(SSLSocketFactory sslSocketFactory) {
    if (!Conscrypt.isConscrypt(sslSocketFactory)) {
        return super.trustManager(sslSocketFactory);
    }
    try {
        // Reaches into org.conscrypt.SSLParametersImpl via the factory's "sslParameters" field.
        Object sslParameters = readFieldOrNull(sslSocketFactory, Object.class, "sslParameters");
        return sslParameters == null
            ? null
            : readFieldOrNull(sslParameters, X509TrustManager.class, "x509TrustManager");
    } catch (Exception e) {
        throw new UnsupportedOperationException(
            "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on Conscrypt", e);
    }
}
/**
 * Switches a Conscrypt {@link SSLSocketFactory} to engine-backed sockets; other factories are left untouched.
 *
 * @param socketFactory the factory to configure.
 */
@Override
public void configureSslSocketFactory(SSLSocketFactory socketFactory) {
    if (!Conscrypt.isConscrypt(socketFactory)) {
        return;
    }
    Conscrypt.setUseEngineSocket(socketFactory, true);
}
}
/**
 * Wraps a Conscrypt {@link SSLEngine}, optionally routing its buffer allocation through Netty's allocator and
 * advertising the given ALPN protocols.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc the Netty allocator handed to the engine when {@code USE_BUFFER_ALLOCATOR} is set.
 * @param protocols the ALPN protocol names to advertise, in preference order.
 */
private ConscryptAlpnSslEngine(SSLEngine engine, ByteBufAllocator alloc, List<String> protocols) {
    super(engine);
    // Memory/performance trade-off. Without an allocator, Conscrypt lazily allocates one direct buffer of
    // maximum packet size to keep JNI calls cheap (triggered the first time the application passes a heap
    // buffer). With an allocator, no internal buffer is created; direct buffers are taken from the allocator
    // on demand.
    if (USE_BUFFER_ALLOCATOR) {
        BufferAllocatorAdapter adapter = new BufferAllocatorAdapter(alloc);
        Conscrypt.setBufferAllocator(engine, adapter);
    }
    // Advertise the supported ALPN protocols on the engine.
    String[] protocolNames = protocols.toArray(new String[protocols.size()]);
    Conscrypt.setApplicationProtocols(engine, protocolNames);
}
/**
 * Hands the protocol negotiated by Conscrypt to the {@code protocolSelector} once the handshake has finished.
 *
 * <p>Any failure raised while reading the negotiated protocol or while notifying the selector is wrapped by
 * {@code toSSLHandshakeException} so that it surfaces as a handshake failure to the caller.
 *
 * @throws SSLException if the protocol cannot be read or the selector rejects it.
 */
private void selectProtocol() throws SSLException {
    try {
        // Conscrypt reports null when nothing was negotiated; the selector then sees an empty offer.
        String negotiated = Conscrypt.getApplicationProtocol(getWrappedEngine());
        List<String> candidates;
        if (negotiated == null) {
            candidates = Collections.<String>emptyList();
        } else {
            candidates = Collections.singletonList(negotiated);
        }
        protocolSelector.select(candidates);
    } catch (Throwable t) {
        throw toSSLHandshakeException(t);
    }
}
}