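/*
 * Copyright (C) 2007 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.conscrypt;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;

/**
 * BoringSSL-based implementation of server sockets.
 *
 * <p>Every TLS setting exposed here (protocols, cipher suites, client-auth mode, session
 * creation, client/server mode) is stored in the {@link SSLParametersImpl} supplied at
 * construction, and that same object is handed to each socket created by {@link #accept()}.
 *
 * @hide
 */
@Internal
public class OpenSSLServerSocketImpl extends javax.net.ssl.SSLServerSocket {
    // TLS configuration passed to every accepted socket.
    // NOTE(review): whether the socket constructors copy this object is not visible here, so
    // it is unclear if later setter calls also affect already-accepted sockets - confirm.
    private final SSLParametersImpl sslParameters;
    // Copied onto each accepted socket via setChannelIdEnabled() in accept().
    private boolean channelIdEnabled;
    // Selects which socket implementation accept() creates.
    private boolean useEngineSocket;

    /**
     * Creates a server socket using the no-argument superclass constructor.
     *
     * @param sslParameters TLS configuration handed to every accepted socket
     * @throws IOException if the superclass constructor fails
     */
    protected OpenSSLServerSocketImpl(SSLParametersImpl sslParameters) throws IOException {
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket on the given port.
     *
     * @param port port passed to the superclass constructor
     * @param sslParameters TLS configuration handed to every accepted socket
     * @throws IOException if the superclass constructor fails
     */
    protected OpenSSLServerSocketImpl(int port, SSLParametersImpl sslParameters)
            throws IOException {
        super(port);
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket on the given port with the given backlog.
     *
     * @param port port passed to the superclass constructor
     * @param backlog backlog passed to the superclass constructor
     * @param sslParameters TLS configuration handed to every accepted socket
     * @throws IOException if the superclass constructor fails
     */
    protected OpenSSLServerSocketImpl(int port, int backlog, SSLParametersImpl sslParameters)
            throws IOException {
        super(port, backlog);
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket on the given port, backlog and local address.
     *
     * @param port port passed to the superclass constructor
     * @param backlog backlog passed to the superclass constructor
     * @param iAddress local address passed to the superclass constructor
     * @param sslParameters TLS configuration handed to every accepted socket
     * @throws IOException if the superclass constructor fails
     */
    protected OpenSSLServerSocketImpl(int port,
                                      int backlog,
                                      InetAddress iAddress,
                                      SSLParametersImpl sslParameters)
            throws IOException {
        super(port, backlog, iAddress);
        this.sslParameters = sslParameters;
    }

    /**
     * Configures the socket to be created for this instance.
     *
     * <p>The two modes differ in when the handshake happens; see {@link #accept()}.
     *
     * @param useEngineSocket {@code true} to make {@link #accept()} return an
     *        {@code OpenSSLEngineSocketImpl}, {@code false} for an {@code OpenSSLSocketImpl}
     * @return this instance, to allow call chaining
     */
    public OpenSSLServerSocketImpl setUseEngineSocket(boolean useEngineSocket) {
        this.useEngineSocket = useEngineSocket;
        return this;
    }

    @Override
    public boolean getEnableSessionCreation() {
        return sslParameters.getEnableSessionCreation();
    }

    @Override
    public void setEnableSessionCreation(boolean flag) {
        sslParameters.setEnableSessionCreation(flag);
    }

    /**
     * Returns the names of the protocol versions that may be used on this SSL
     * connection, as reported by {@code NativeCrypto}.
     *
     * @return an array of protocol names
     */
    @Override
    public String[] getSupportedProtocols() {
        return NativeCrypto.getSupportedProtocols();
    }

    /**
     * Returns the names of the protocol versions that are currently enabled in the
     * parameters handed to accepted sockets.
     *
     * @return an array of protocol names
     */
    @Override
    public String[] getEnabledProtocols() {
        return sslParameters.getEnabledProtocols();
    }

    /**
     * Enables the given protocol versions, which must be among those listed by
     * getSupportedProtocols().
     *
     * <p>The selection is stored in the parameters object that {@link #accept()} passes to
     * each new socket, so set it before accepting connections.
     *
     * @param protocols names of all the protocols to enable.
     *
     * @throws IllegalArgumentException when one or more of the names in the
     *             array are not supported, or when the array is null.
     */
    @Override
    public void setEnabledProtocols(String[] protocols) {
        sslParameters.setEnabledProtocols(protocols);
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return NativeCrypto.getSupportedCipherSuites();
    }

    @Override
    public String[] getEnabledCipherSuites() {
        return sslParameters.getEnabledCipherSuites();
    }

    /**
     * Enables/disables the TLS Channel ID extension for this server socket.
     *
     * <p>The flag is copied onto each socket at the time {@link #accept()} creates it.
     */
    public void setChannelIdEnabled(boolean enabled) {
        channelIdEnabled = enabled;
    }

    /**
     * Checks whether the TLS Channel ID extension is enabled for this server socket.
     */
    public boolean isChannelIdEnabled() {
        return channelIdEnabled;
    }

    /**
     * Enables the given cipher suites, which must be among those listed by
     * getSupportedCipherSuites().
     *
     * <p>The selection is stored in the parameters object that {@link #accept()} passes to
     * each new socket, so set it before accepting connections.
     *
     * @param suites the names of all the cipher suites to enable
     * @throws IllegalArgumentException when one or more of the ciphers in array
     *         suites are not supported, or when the array is null.
     */
    @Override
    public void setEnabledCipherSuites(String[] suites) {
        sslParameters.setEnabledCipherSuites(suites);
    }

    @Override
    public boolean getWantClientAuth() {
        return sslParameters.getWantClientAuth();
    }

    @Override
    public void setWantClientAuth(boolean want) {
        sslParameters.setWantClientAuth(want);
    }

    @Override
    public boolean getNeedClientAuth() {
        return sslParameters.getNeedClientAuth();
    }

    @Override
    public void setNeedClientAuth(boolean need) {
        sslParameters.setNeedClientAuth(need);
    }

    @Override
    public void setUseClientMode(boolean mode) {
        sslParameters.setUseClientMode(mode);
    }

    @Override
    public boolean getUseClientMode() {
        return sslParameters.getUseClientMode();
    }

    /**
     * Accepts a connection and returns a TLS socket configured from this server socket.
     *
     * <p>In engine-socket mode the plain connection is accepted first, wrapped, and the
     * handshake is started before this method returns. Otherwise an {@code OpenSSLSocketImpl}
     * is accepted directly and this method does not start the handshake itself.
     *
     * <p>If anything fails in engine-socket mode after the raw socket has been created, the
     * raw socket is closed before the exception propagates, so a peer that connects and then
     * fails the handshake does not leave an open descriptor behind.
     *
     * @return the accepted socket
     * @throws IOException if accepting the connection or (engine mode) the handshake fails
     */
    @Override
    public Socket accept() throws IOException {
        if (useEngineSocket) {
            Socket rawSocket = new Socket();
            boolean handedOff = false;
            try {
                implAccept(rawSocket);

                // Wrap the accepted connection.
                // NOTE(review): the null / -1 / true arguments are presumably hostname, port
                // and autoClose - confirm against OpenSSLEngineSocketImpl.
                OpenSSLEngineSocketImpl socket =
                        new OpenSSLEngineSocketImpl(rawSocket, null, -1, true, sslParameters);
                socket.setChannelIdEnabled(channelIdEnabled);
                // NOTE(review): the handshake runs on the accepting thread, so accept() does
                // not return until startHandshake() does. Unless a read timeout applies to
                // the accepted socket, a peer that stalls mid-handshake holds up further
                // accepts - confirm whether the handshake should be left to the caller, as
                // in the non-engine branch.
                socket.startHandshake();
                handedOff = true;
                return socket;
            } finally {
                if (!handedOff) {
                    // The caller never sees a reference to this connection on failure, so
                    // nobody else can release it.
                    try {
                        rawSocket.close();
                    } catch (IOException ignored) {
                        // Best-effort cleanup; the original failure is the one to report.
                    }
                }
            }
        } else {
            OpenSSLSocketImpl socket = new OpenSSLSocketImpl(sslParameters);
            socket.setChannelIdEnabled(channelIdEnabled);
            implAccept(socket);
            return socket;
        }
    }
}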