Package org.apache.tomcat.jni

Class SSLExt

  • public final class SSLExt
extends Object
    Support TLS extensions and extra methods. The methods are separated to make it easier for java code to support existing native library - it can check if this class can be loaded in order to use the exensions.
    Author:
    Costin Manolache

    • Constructor Summary

      Constructors 
      Constructor Description
      SSLExt()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean checkNPN​(long tcsocket, byte[] expected)
      Higher level method, checking if the specified protocol has been negotiated.
      static int debug​(long tcsock)
      Enabling dump/debugging on the socket.
      static int getNPN​(long tcsock, byte[] proto)
      Get other side's advertised protocols.
      static byte[] getSessionData​(long tcsock)
      Server: Extract the session data associated with the socket.
      static int getTicket​(long tcsock, byte[] resBuf)
      Client: get the ticket received from server, if tickets are supported.
      static int setNPN​(long sslContext, byte[] spdyNPN)  
      static int setNPN​(long tcctx, byte[] proto, int len)
      Set advertised NPN protocol.
      static int setSessionData​(long tcsock, byte[] data, int len)
      Server: Set the session data for a socket.
      static int setSNI​(long tcsock, byte[] data, int len)
      For client side calls.
      static int setTicket​(long tcsock, byte[] data, int len)
      Client: set the previously received ticket.
      static int setTicketKeys​(long ctx, byte[] data, int len)
      Set the key used by server to generate tickets.
      static long sslCtxSetMode​(long ctx, long mode)  
      static String sslErrReasonErrorString()
      Return the last openssl error
      static long sslSetMode​(long tcsock, long mode)
      SSL_set_mode

    • Field Detail

      • SSL_MODE_ENABLE_PARTIAL_WRITE

        public static final int SSL_MODE_ENABLE_PARTIAL_WRITE
        See Also:
        Constant Field Values

      • SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER

        public static final int SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
        See Also:
        Constant Field Values

      • SSL_MODE_RELEASE_BUFFERS

        public static final int SSL_MODE_RELEASE_BUFFERS
        See Also:
        Constant Field Values

    • Constructor Detail

      • SSLExt

        public SSLExt()

    • Method Detail

      • setNPN

        public static int setNPN​(long tcctx,
                         byte[] proto,
                         int len)
        Set advertised NPN protocol. This is only available for recent or patched openssl. Example: "\x06spdy/2" Works with TLS1, doesn't with SSL2/SSL3 Servers sends list in ServerHelo, client selects it and sends it back after ChangeChipher Not supported in 1.0.0, seems to be in 1.0.1 and after

      • getNPN

        public static int getNPN​(long tcsock,
                         byte[] proto)
        Get other side's advertised protocols. Only works after handshake.

      • debug

        public static int debug​(long tcsock)
        Enabling dump/debugging on the socket. Both raw and decrypted packets will be logged.

      • getSessionData

        public static byte[] getSessionData​(long tcsock)
        Server: Extract the session data associated with the socket. Must be saved, keyed by session ID.

      • setSessionData

        public static int setSessionData​(long tcsock,
                                 byte[] data,
                                 int len)
        Server: Set the session data for a socket.

      • getTicket

        public static int getTicket​(long tcsock,
                            byte[] resBuf)
        Client: get the ticket received from server, if tickets are supported.

      • setTicket

        public static int setTicket​(long tcsock,
                            byte[] data,
                            int len)
        Client: set the previously received ticket.

      • setTicketKeys

        public static int setTicketKeys​(long ctx,
                                byte[] data,
                                int len)
        Set the key used by server to generate tickets. Key must be 48 bytes.

      • setSNI

        public static int setSNI​(long tcsock,
                         byte[] data,
                         int len)
        For client side calls. Data should be a \0 terminated string

      • sslErrReasonErrorString

        public static String sslErrReasonErrorString()
        Return the last openssl error

      • sslCtxSetMode

        public static long sslCtxSetMode​(long ctx,
                                 long mode)

      • sslSetMode

        public static long sslSetMode​(long tcsock,
                              long mode)
        SSL_set_mode

      • setNPN

        public static int setNPN​(long sslContext,
                         byte[] spdyNPN)

      • checkNPN

        public static boolean checkNPN​(long tcsocket,
                               byte[] expected)
        Higher level method, checking if the specified protocol has been negotiated.