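--- /dev/null
+++ b/CertificateRequestedCallback.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2016 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.internal.tcnative;
+
+/**
+ * Is called during handshake and hooked into openssl via {@code SSL_CTX_set_client_cert_cb}.
+ *
+ * IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This
+ * means if you use an inner / anonymous class to implement this and also depend on the finalizer of the
+ * class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard
+ * reference to the enclosing class. This will most likely result in a memory leak.
+ */
+public interface CertificateRequestedCallback {
+
+    /**
+     * The types contained in the {@code keyTypeBytes} array.
+     */
+    // Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h
+    byte TLS_CT_RSA_SIGN = 1;
+    byte TLS_CT_DSS_SIGN = 2;
+    byte TLS_CT_RSA_FIXED_DH = 3;
+    byte TLS_CT_DSS_FIXED_DH = 4;
+    byte TLS_CT_ECDSA_SIGN = 64;
+    byte TLS_CT_RSA_FIXED_ECDH = 65;
+    byte TLS_CT_ECDSA_FIXED_ECDH = 66;
+
+    /**
+     * Called during cert selection.
+     *
+     * @param ssl the SSL instance
+     * @param keyTypeBytes an array of the key types.
+     * @param asn1DerEncodedPrincipals the principals
+     * @return material to use or {@code null} if non should be used. The ownership of all native memory goes over to
+     *         tcnative at this point.
+     *
+     */
+    KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals);
+
+    /**
+     * Holds the material to use. Tcnative is responsible releasing native memory used by the wrapped native objects.
+     */
+    // Non-final so we can extend from this later ond cache these easily in Netty.
+    class KeyMaterial {
+
+        private final long certificateChain;
+        private final long privateKey;
+
+        public KeyMaterial(long certificateChain, long privateKey) {
+            this.certificateChain = certificateChain;
+            this.privateKey = privateKey;
+        }
+
+        /**
+         * Returns a {@code EVP_PKEY} pointer
+         *
+         * @return the {@code EVP_PKEY} pointer
+         */
+        public final long privateKey() {
+            return privateKey;
+        }
+
+        /**
+         * Returns a x509 chain ({@code STACK_OF(X509)} pointer)
+         *
+         * @return thex509 chain ({@code STACK_OF(X509)} pointer)
+         */
+        public final long certificateChain() {
+            return certificateChain;
+        }
+    }
+}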
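Review bot: The public KeyMaterial constructor at new-side lines 61–64 stores two raw native handles without any validation, so a callback implementation that accidentally passes 0 (a NULL `EVP_PKEY` or `STACK_OF(X509)`) is only caught, if at all, inside native code after ownership has already transferred per the `requested` contract on lines 46–47; if a zero handle is never legitimate here, a cheap guard such as `if (privateKey == 0) { throw new IllegalArgumentException("privateKey must be a non-zero EVP_PKEY pointer"); }` (and the same for certificateChain) would surface the bug on the Java side. The ownership rule deserves a sentence on the KeyMaterial class Javadoc itself (lines 52–54), stating that the handles are consumed by tcnative and must not be freed or returned again from a later `requested` call, since the class is explicitly left non-final for caching and a cached instance would otherwise hand out already-released pointers — inferred from the comment on line 55, worth confirming against the native side. Three Javadoc typos should also be fixed: `if non should be used` → `if none should be used` (line 46), `later ond cache` → `later and cache` (line 55), and `@return thex509 chain` → `@return the x509 chain` (line 78).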