| Index: java/io/netty/internal/tcnative/CertificateRequestedCallback.java
|
| diff --git a/java/io/netty/internal/tcnative/CertificateRequestedCallback.java b/java/io/netty/internal/tcnative/CertificateRequestedCallback.java
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..2532ad2f65139f163591eddf52565b35cb18b6df
|
| --- /dev/null
|
| +++ b/java/io/netty/internal/tcnative/CertificateRequestedCallback.java
|
| @@ -0,0 +1,84 @@
|
| +/*
|
| + * Copyright 2016 The Netty Project
|
| + *
|
| + * The Netty Project licenses this file to you under the Apache License,
|
| + * version 2.0 (the "License"); you may not use this file except in compliance
|
| + * with the License. You may obtain a copy of the License at:
|
| + *
|
| + * http://www.apache.org/licenses/LICENSE-2.0
|
| + *
|
| + * Unless required by applicable law or agreed to in writing, software
|
| + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
| + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
| + * License for the specific language governing permissions and limitations
|
| + * under the License.
|
| + */
|
| +package io.netty.internal.tcnative;
|
| +
|
| +/**
|
| + * Is called during handshake and hooked into openssl via {@code SSL_CTX_set_client_cert_cb}.
|
| + *
|
| + * IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This
|
| + * means if you use an inner / anonymous class to implement this and also depend on the finalizer of the
|
| + * class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard
|
| + * reference to the enclosing class. This will most likely result in a memory leak.
|
| + */
|
| +public interface CertificateRequestedCallback {
|
| +
|
| + /**
|
| + * The types contained in the {@code keyTypeBytes} array.
|
| + */
|
| + // Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h
|
| + byte TLS_CT_RSA_SIGN = 1;
|
| + byte TLS_CT_DSS_SIGN = 2;
|
| + byte TLS_CT_RSA_FIXED_DH = 3;
|
| + byte TLS_CT_DSS_FIXED_DH = 4;
|
| + byte TLS_CT_ECDSA_SIGN = 64;
|
| + byte TLS_CT_RSA_FIXED_ECDH = 65;
|
| + byte TLS_CT_ECDSA_FIXED_ECDH = 66;
|
| +
|
| + /**
|
| + * Called during cert selection.
|
| + *
|
| + * @param ssl the SSL instance
|
| + * @param keyTypeBytes an array of the key types.
|
| + * @param asn1DerEncodedPrincipals the principals
|
| + * @return material to use or {@code null} if non should be used. The ownership of all native memory goes over to
|
| + * tcnative at this point.
|
| + *
|
| + */
|
| + KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals);
|
| +
|
| + /**
|
| + * Holds the material to use. Tcnative is responsible releasing native memory used by the wrapped native objects.
|
| + */
|
| + // Non-final so we can extend from this later ond cache these easily in Netty.
|
| + class KeyMaterial {
|
| +
|
| + private final long certificateChain;
|
| + private final long privateKey;
|
| +
|
| + public KeyMaterial(long certificateChain, long privateKey) {
|
| + this.certificateChain = certificateChain;
|
| + this.privateKey = privateKey;
|
| + }
|
| +
|
| + /**
|
| + * Returns a {@code EVP_PKEY} pointer
|
| + *
|
| + * @return the {@code EVP_PKEY} pointer
|
| + */
|
| + public final long privateKey() {
|
| + return privateKey;
|
| + }
|
| +
|
| + /**
|
| + * Returns a x509 chain ({@code STACK_OF(X509)} pointer)
|
| + *
|
| + * @return thex509 chain ({@code STACK_OF(X509)} pointer)
|
| + */
|
| + public final long certificateChain() {
|
| + return certificateChain;
|
| + }
|
| + }
|
| +}
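Review bot: The Javadoc on `requested` omits two points a caller of a raw-native-handle API needs: that `asn1DerEncodedPrincipals` comes from the remote peer (with `SSL_CTX_set_client_cert_cb` semantics it is the CA name list from the server's CertificateRequest, so it is untrusted input to be parsed defensively), and that once a `KeyMaterial` is returned its `EVP_PKEY` and `STACK_OF(X509)` handles belong to tcnative, so the implementation must not free, reuse, or return the same handles a second time or a double free / use-after-free follows in native code. I would extend the `@param asn1DerEncodedPrincipals` line to `the DER-encoded X.509 names of acceptable CAs as sent by the peer; untrusted input` and append to `@return`: `The returned handles must not be freed, reused, or returned again by the implementation.` The `KeyMaterial` constructor also accepts `0` for either handle silently; if a null handle is never valid here, rejecting it with `IllegalArgumentException` in the constructor is cheaper than a native crash later — worth confirming against the native side before adding. Minor typos on the same lines: `non should be used` → `none should be used`, `later ond cache` → `later and cache`, `thex509` → `the x509`.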
|
|
|