/**
 * Applies Conscrypt-specific socket factory settings; factories from other providers are left untouched.
 *
 * @param socketFactory the factory the client was built with.
 */
@Override public void configureSslSocketFactory(SSLSocketFactory socketFactory) {
  boolean conscryptFactory = Conscrypt.isConscrypt(socketFactory);
  if (!conscryptFactory) {
    return; // Nothing to configure for non-Conscrypt factories.
  }
  // Ask Conscrypt to back sockets from this factory with its engine-based socket implementation.
  Conscrypt.setUseEngineSocket(socketFactory, true);
}
}
/** Builds a fresh Conscrypt security provider that also supplies its trust manager. */
private Provider getProvider() {
  return Conscrypt.newProviderBuilder()
      .provideTrustManager()
      .build();
}
/**
 * Returns the ALPN protocol negotiated on {@code sslSocket}, using Conscrypt's API for Conscrypt sockets and the
 * platform default otherwise.
 *
 * @param sslSocket a socket whose handshake has run.
 * @return the negotiated protocol name, or null when none is reported.
 */
@Override public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    return super.getSelectedProtocol(sslSocket);
  }
  // Conscrypt exposes the negotiated application protocol through its own static API.
  return Conscrypt.getApplicationProtocol(sslSocket);
}
/**
 * Wraps a Conscrypt {@link SSLEngine} and configures its buffer allocation and ALPN protocol list.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc Netty allocator handed to the engine when {@code USE_BUFFER_ALLOCATOR} is set.
 * @param protocols ALPN protocol names to set on the engine.
 */
private ConscryptAlpnSslEngine(SSLEngine engine, ByteBufAllocator alloc, List<String> protocols) {
  super(engine);
  // Optionally hand Netty's allocator to Conscrypt. This is a trade-off of memory vs performance:
  //
  // Without an allocator, the engine allocates its own direct buffer of max packet size the first time the
  // application gives it a non-direct buffer, in order to optimise JNI calls.
  //
  // With an allocator, no internal buffer is created and direct buffers are requested from the allocator
  // on demand.
  if (USE_BUFFER_ALLOCATOR) {
    BufferAllocatorAdapter adapter = new BufferAllocatorAdapter(alloc);
    Conscrypt.setBufferAllocator(engine, adapter);
  }
  // Advertise the supported ALPN protocols on the engine.
  String[] protocolNames = protocols.toArray(new String[0]);
  Conscrypt.setApplicationProtocols(engine, protocolNames);
}
/**
 * Configures SNI, session tickets and ALPN on a Conscrypt socket; other sockets are delegated to the platform
 * default.
 *
 * @param sslSocket the socket about to handshake.
 * @param hostname the server name to send as SNI, or null to send none.
 * @param protocols the protocols to advertise via ALPN.
 */
@Override public void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    super.configureTlsExtensions(sslSocket, hostname, protocols);
    return;
  }
  // SNI and session tickets are only set when a hostname is known; with a null hostname neither is enabled.
  if (hostname != null) {
    Conscrypt.setUseSessionTickets(sslSocket, true);
    Conscrypt.setHostname(sslSocket, hostname);
  }
  // ALPN: translate the requested protocols to their wire names and set them on the socket.
  List<String> alpnNames = Platform.alpnProtocolNames(protocols);
  String[] alpnArray = alpnNames.toArray(new String[0]);
  Conscrypt.setApplicationProtocols(sslSocket, alpnArray);
}
/**
 * Reads the ALPN protocol negotiated by the wrapped engine and hands it (as a zero- or one-element list) to
 * the protocol selector.
 *
 * @throws SSLException if reading the protocol or running the selector fails.
 */
private void selectProtocol() throws SSLException {
  try {
    String negotiated = Conscrypt.getApplicationProtocol(getWrappedEngine());
    List<String> candidates;
    if (negotiated == null) {
      candidates = Collections.<String>emptyList();
    } else {
      candidates = Collections.singletonList(negotiated);
    }
    protocolSelector.select(candidates);
  } catch (Throwable e) {
    // Any failure here is surfaced to the caller as a handshake failure.
    throw toSSLHandshakeException(e);
  }
}
}
/**
 * Unwraps inbound TLS data from {@code srcs} into {@code dests} through Conscrypt's multi-buffer API.
 *
 * @param srcs encrypted input buffers.
 * @param dests buffers receiving the decrypted output.
 * @return the engine result reported by Conscrypt.
 * @throws SSLException if Conscrypt rejects the input.
 */
final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
  SSLEngine wrapped = getWrappedEngine();
  return Conscrypt.unwrap(wrapped, srcs, dests);
}
/**
 * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes
 * as a worst case that there is one TLS record per buffer.
 *
 * @param plaintextBytes the number of plaintext bytes to be wrapped.
 * @param numBuffers the number of buffers that the plaintext bytes are spread across.
 * @return the maximum size of the encrypted output buffer required for the wrap operation, capped at
 *     {@link Integer#MAX_VALUE}.
 */
final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
  // Worst case: every component of a composite buffer becomes its own TLS record, each paying the full
  // seal overhead. Computed in long so the multiplication cannot overflow before the cap below.
  long perRecordOverhead = Conscrypt.maxSealOverhead(getWrappedEngine());
  long totalOverhead = perRecordOverhead * numBuffers;
  long required = plaintextBytes + totalOverhead;
  // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
  return (int) min(Integer.MAX_VALUE, required);
}
/**
 * Client-side Conscrypt ALPN engine: registers a handshake listener that runs protocol selection and creates
 * the protocol selection listener from the negotiator.
 *
 * @param engine the Conscrypt engine to wrap.
 * @param alloc Netty allocator forwarded to the base engine.
 * @param applicationNegotiator supplies the ALPN protocol list and the listener factory.
 */
ClientEngine(SSLEngine engine, ByteBufAllocator alloc, JdkApplicationProtocolNegotiator applicationNegotiator) {
  super(engine, alloc, applicationNegotiator.protocols());
  // Run ALPN selection as soon as Conscrypt reports that the handshake has finished.
  HandshakeListener onFinished = new HandshakeListener() {
    @Override public void onHandshakeFinished() throws SSLException {
      selectProtocol();
    }
  };
  Conscrypt.setHandshakeListener(engine, onFinished);
  // The listener factory must produce a non-null listener; a null here would fail later during selection.
  protocolListener = checkNotNull(
      applicationNegotiator.protocolListenerFactory()
          .newListener(this, applicationNegotiator.protocols()),
      "protocolListener");
}
/**
 * Recovers the {@link X509TrustManager} a Conscrypt socket factory was built with; non-Conscrypt factories are
 * delegated to the platform default.
 *
 * @param sslSocketFactory the factory to inspect.
 * @return the trust manager, or null if the factory's parameters could not be read.
 * @throws UnsupportedOperationException if reflection into the factory fails.
 */
@Override public @Nullable X509TrustManager trustManager(SSLSocketFactory sslSocketFactory) {
  if (!Conscrypt.isConscrypt(sslSocketFactory)) {
    return super.trustManager(sslSocketFactory);
  }
  try {
    // Reads Conscrypt's private org.conscrypt.SSLParametersImpl via reflection. These field names are not
    // public API, so a layout change in a newer Conscrypt lands in the catch block below.
    Object sslParameters = readFieldOrNull(sslSocketFactory, Object.class, "sslParameters");
    return sslParameters == null
        ? null
        : readFieldOrNull(sslParameters, X509TrustManager.class, "x509TrustManager");
  } catch (Exception e) {
    // Reflection failures are reported explicitly rather than silently yielding no trust manager.
    throw new UnsupportedOperationException(
        "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on Conscrypt", e);
  }
}
/**
 * Creates the Conscrypt platform if the Conscrypt classes are on the classpath and the library reports itself
 * available.
 *
 * @return a new platform, or null when Conscrypt is absent or unavailable.
 */
public static ConscryptPlatform buildIfSupported() {
  try {
    // Resolve the class by name first so a missing Conscrypt jar surfaces as a checked
    // ClassNotFoundException here rather than as an Error from the static call below.
    Class.forName("org.conscrypt.Conscrypt");
  } catch (ClassNotFoundException e) {
    return null;
  }
  return Conscrypt.isAvailable() ? new ConscryptPlatform() : null;
}
/**
 * Configures SNI, session tickets and ALPN on a Conscrypt socket; other sockets are delegated to the platform
 * default.
 *
 * @param sslSocket the socket about to handshake.
 * @param hostname the server name to send as SNI, or null to send none.
 * @param protocols the protocols to advertise via ALPN.
 */
@Override public void configureTlsExtensions(
    SSLSocket sslSocket, String hostname, List<Protocol> protocols) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    super.configureTlsExtensions(sslSocket, hostname, protocols);
    return;
  }
  // SNI and session tickets are only set when a hostname is known; with a null hostname neither is enabled.
  if (hostname != null) {
    Conscrypt.setUseSessionTickets(sslSocket, true);
    Conscrypt.setHostname(sslSocket, hostname);
  }
  // ALPN: translate the requested protocols to their wire names and set them on the socket.
  List<String> alpnNames = Platform.alpnProtocolNames(protocols);
  String[] alpnArray = alpnNames.toArray(new String[0]);
  Conscrypt.setApplicationProtocols(sslSocket, alpnArray);
}
/**
 * Returns the ALPN protocol negotiated on {@code sslSocket}, using Conscrypt's API for Conscrypt sockets and the
 * platform default otherwise.
 *
 * @param sslSocket a socket whose handshake has run.
 * @return the negotiated protocol name, or null when none is reported.
 */
@Override public @Nullable String getSelectedProtocol(SSLSocket sslSocket) {
  if (!Conscrypt.isConscrypt(sslSocket)) {
    return super.getSelectedProtocol(sslSocket);
  }
  // Conscrypt exposes the negotiated application protocol through its own static API.
  return Conscrypt.getApplicationProtocol(sslSocket);
}
/**
 * Passes the ALPN protocol negotiated by the wrapped engine to the protocol listener.
 *
 * @throws SSLException if the listener rejects or fails on the negotiated protocol.
 */
private void selectProtocol() throws SSLException {
  // Read outside the try so only listener failures are converted below. The value is handed over unchanged
  // (presumably null when nothing was negotiated -- the listener is expected to cope with that).
  String negotiated = Conscrypt.getApplicationProtocol(getWrappedEngine());
  try {
    protocolListener.selected(negotiated);
  } catch (Throwable e) {
    throw toSSLHandshakeException(e);
  }
}
}
/** Builds a fresh Conscrypt security provider that also supplies its trust manager. */
private Provider getProvider() {
  return Conscrypt.newProviderBuilder()
      .provideTrustManager()
      .build();
}
/**
 * Unwraps inbound TLS data from {@code srcs} into {@code dests} through Conscrypt's multi-buffer API.
 *
 * @param srcs encrypted input buffers.
 * @param dests buffers receiving the decrypted output.
 * @return the engine result reported by Conscrypt.
 * @throws SSLException if Conscrypt rejects the input.
 */
final SSLEngineResult unwrap(ByteBuffer[] srcs, ByteBuffer[] dests) throws SSLException {
  SSLEngine wrapped = getWrappedEngine();
  return Conscrypt.unwrap(wrapped, srcs, dests);
}
/**
 * Calculates the maximum size of the encrypted output buffer required to wrap the given plaintext bytes. Assumes
 * as a worst case that there is one TLS record per buffer.
 *
 * @param plaintextBytes the number of plaintext bytes to be wrapped.
 * @param numBuffers the number of buffers that the plaintext bytes are spread across.
 * @return the maximum size of the encrypted output buffer required for the wrap operation, capped at
 *     {@link Integer#MAX_VALUE}.
 */
final int calculateOutNetBufSize(int plaintextBytes, int numBuffers) {
  // Worst case: every component of a composite buffer becomes its own TLS record, each paying the full
  // seal overhead. Computed in long so the multiplication cannot overflow before the cap below.
  long perRecordOverhead = Conscrypt.maxSealOverhead(getWrappedEngine());
  long totalOverhead = perRecordOverhead * numBuffers;
  long required = plaintextBytes + totalOverhead;
  // TODO(nmittler): update this to use MAX_ENCRYPTED_PACKET_LENGTH instead of Integer.MAX_VALUE
  return (int) min(Integer.MAX_VALUE, required);
}
/**
 * Applies Conscrypt-specific socket factory settings; factories from other providers are left untouched.
 *
 * @param socketFactory the factory the client was built with.
 */
@Override public void configureSslSocketFactory(SSLSocketFactory socketFactory) {
  boolean conscryptFactory = Conscrypt.isConscrypt(socketFactory);
  if (!conscryptFactory) {
    return; // Nothing to configure for non-Conscrypt factories.
  }
  // Ask Conscrypt to back sockets from this factory with its engine-based socket implementation.
  Conscrypt.setUseEngineSocket(socketFactory, true);
}
}
/**
 * Creates the Conscrypt platform if the Conscrypt classes are on the classpath and the library reports itself
 * available.
 *
 * @return a new platform, or null when Conscrypt is absent or unavailable.
 */
public static ConscryptPlatform buildIfSupported() {
  try {
    // Resolve the class by name first so a missing Conscrypt jar surfaces as a checked
    // ClassNotFoundException here rather than as an Error from the static call below.
    Class.forName("org.conscrypt.Conscrypt");
  } catch (ClassNotFoundException e) {
    return null;
  }
  return Conscrypt.isAvailable() ? new ConscryptPlatform() : null;
}
/**
 * Manual TLS 1.3 interoperability check: installs Conscrypt as the preferred JCA provider, then fetches a fixed
 * list of public test endpoints under three connection specs (TLS 1.3+1.2, TLS 1.3 only, TLS 1.3 with fallback).
 *
 * @param args ignored.
 */
public static void main(String[] args) {
  // Debug toggle: uncomment to get verbose JSSE handshake logging on stderr.
  //System.setProperty("javax.net.debug", "ssl:handshake:verbose");
  // Position 1 makes Conscrypt the highest-priority provider for the whole JVM, not only for this client.
  Security.insertProviderAt(Conscrypt.newProviderBuilder().provideTrustManager().build(), 1);
  String vmVersion = System.getProperty("java.vm.version");
  System.out.println("Running tests using " + Platform.get() + " " + vmVersion);
  // Public TLS 1.3 test servers; see https://github.com/tlswg/tls13-spec/wiki/Implementations
  List<String> urls = Arrays.asList(
      "https://enabled.tls13.com",
      "https://www.howsmyssl.com/a/check",
      "https://tls13.cloudflare.com",
      "https://www.allizom.org/robots.txt",
      "https://tls13.crypto.mozilla.org/",
      "https://tls.ctf.network/robots.txt",
      "https://rustls.jbp.io/",
      "https://h2o.examp1e.net",
      "https://mew.org/",
      "https://tls13.baishancloud.com/",
      "https://tls13.akamai.io/",
      "https://swifttls.org/",
      "https://www.googleapis.com/robots.txt",
      "https://graph.facebook.com/robots.txt",
      "https://api.twitter.com/robots.txt",
      "https://connect.squareup.com/robots.txt");
  // Run 1: TLS 1.3 alongside TLS 1.2 (the RESTRICTED_TLS spec).
  System.out.println("TLS1.3+TLS1.2");
  testClient(urls, buildClient(ConnectionSpec.RESTRICTED_TLS));
  // Run 2: TLS 1.3 only -- servers without 1.3 support are expected to fail here.
  System.out.println("\nTLS1.3 only");
  testClient(urls, buildClient(TLS_13));
  // Run 3: TLS 1.3 first, then fall back to TLS 1.2.
  System.out.println("\nTLS1.3 then fallback");
  testClient(urls, buildClient(TLS_13, TLS_12));
}