/*
 * Copyright (C) 2007 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.conscrypt;

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.ssl.SSLServerSocket;

/**
 * BoringSSL-based implementation of server sockets.
 *
 * <p>All TLS settings exposed through the {@link SSLServerSocket} API are stored in the
 * {@link SSLParametersImpl} supplied at construction. {@link #accept()} hands that object to
 * each socket it creates.
 *
 * <p>NOTE(review): the same {@code SSLParametersImpl} reference is passed to every accepted
 * socket. Whether the socket constructors copy it is not visible in this file; if they do not,
 * a setter called on this server socket after {@code accept()} would also change the
 * configuration of connections that are already open. Confirm against the socket classes.
 *
 * <p>The two locally held flags are plain fields with no synchronization, so configure the
 * instance before sharing it with the thread that calls {@code accept()}.
 */
final class ConscryptServerSocket extends SSLServerSocket {
    // TLS configuration shared with every socket produced by accept().
    private final SSLParametersImpl sslParameters;
    // Applied to each accepted socket; see setChannelIdEnabled.
    private boolean channelIdEnabled;
    // Selects which socket implementation accept() instantiates.
    private boolean useEngineSocket;

    /**
     * Creates an unbound server socket.
     *
     * @param sslParameters TLS configuration used for accepted sockets
     * @throws IOException declared for parity with the superclass constructor
     */
    ConscryptServerSocket(SSLParametersImpl sslParameters) throws IOException {
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket bound to {@code port}.
     *
     * @param port local port to listen on
     * @param sslParameters TLS configuration used for accepted sockets
     * @throws IOException if the superclass constructor fails
     */
    ConscryptServerSocket(int port, SSLParametersImpl sslParameters) throws IOException {
        super(port);
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket bound to {@code port} with the given connection backlog.
     *
     * @param port local port to listen on
     * @param backlog requested length of the pending-connection queue
     * @param sslParameters TLS configuration used for accepted sockets
     * @throws IOException if the superclass constructor fails
     */
    ConscryptServerSocket(int port, int backlog, SSLParametersImpl sslParameters)
            throws IOException {
        super(port, backlog);
        this.sslParameters = sslParameters;
    }

    /**
     * Creates a server socket bound to {@code port} on the local address {@code iAddress}.
     *
     * @param port local port to listen on
     * @param backlog requested length of the pending-connection queue
     * @param iAddress local address to bind to
     * @param sslParameters TLS configuration used for accepted sockets
     * @throws IOException if the superclass constructor fails
     */
    ConscryptServerSocket(
            int port, int backlog, InetAddress iAddress, SSLParametersImpl sslParameters)
            throws IOException {
        super(port, backlog, iAddress);
        this.sslParameters = sslParameters;
    }

    /**
     * Chooses the socket implementation created by {@link #accept()}: a
     * {@code ConscryptEngineSocket} when {@code true}, otherwise a
     * {@code ConscryptFileDescriptorSocket}.
     *
     * @return this instance, to allow call chaining
     */
    ConscryptServerSocket setUseEngineSocket(boolean useEngineSocket) {
        this.useEngineSocket = useEngineSocket;
        return this;
    }

    /** Returns the session-creation flag held by the shared SSL parameters. */
    @Override
    public boolean getEnableSessionCreation() {
        return sslParameters.getEnableSessionCreation();
    }

    /** Stores the session-creation flag in the shared SSL parameters. */
    @Override
    public void setEnableSessionCreation(boolean flag) {
        sslParameters.setEnableSessionCreation(flag);
    }

    /**
     * Returns the protocol version names that may be used on connections of this socket.
     * The list comes from {@code NativeCrypto}, not from this instance's configuration.
     *
     * @return an array of protocol names
     */
    @Override
    public String[] getSupportedProtocols() {
        return NativeCrypto.getSupportedProtocols();
    }

    /**
     * Returns the protocol version names currently enabled in the shared SSL parameters.
     *
     * @return an array of protocol names
     */
    @Override
    public String[] getEnabledProtocols() {
        return sslParameters.getEnabledProtocols();
    }

    /**
     * Replaces the set of enabled protocol versions; the names must be among those listed by
     * {@link #getSupportedProtocols()}. The array is passed to the shared SSL parameters,
     * which are expected to perform the validation.
     *
     * <p>The selection applies to connections accepted afterwards, so an old protocol version
     * enabled here is offered to every later client.
     *
     * @param protocols names of all the protocols to enable
     * @throws IllegalArgumentException when one or more of the names in the array are not
     *         supported, or when the array is null
     */
    @Override
    public void setEnabledProtocols(String[] protocols) {
        sslParameters.setEnabledProtocols(protocols);
    }

    /**
     * Returns the cipher suite names that may be enabled, as reported by {@code NativeCrypto}.
     */
    @Override
    public String[] getSupportedCipherSuites() {
        return NativeCrypto.getSupportedCipherSuites();
    }

    /** Returns the cipher suite names currently enabled in the shared SSL parameters. */
    @Override
    public String[] getEnabledCipherSuites() {
        return sslParameters.getEnabledCipherSuites();
    }

    /**
     * Enables/disables the TLS Channel ID extension for this server socket. The value is
     * copied onto each socket inside {@link #accept()}, so a change affects only sockets
     * accepted after the call.
     */
    void setChannelIdEnabled(boolean enabled) {
        this.channelIdEnabled = enabled;
    }

    /**
     * Checks whether the TLS Channel ID extension is enabled for this server socket.
     */
    boolean isChannelIdEnabled() {
        return this.channelIdEnabled;
    }

    /**
     * Replaces the set of enabled cipher suites; the names must be among those listed by
     * {@link #getSupportedCipherSuites()}. The array is passed to the shared SSL parameters,
     * which are expected to perform the validation.
     *
     * @param suites the names of all the cipher suites to enable
     * @throws IllegalArgumentException when one or more of the ciphers in array suites are
     *         not supported, or when the array is null
     */
    @Override
    public void setEnabledCipherSuites(String[] suites) {
        sslParameters.setEnabledCipherSuites(suites);
    }

    /** Returns the "want client authentication" flag from the shared SSL parameters. */
    @Override
    public boolean getWantClientAuth() {
        return sslParameters.getWantClientAuth();
    }

    /**
     * Stores the "want client authentication" flag in the shared SSL parameters. In the
     * {@link SSLServerSocket} contract this requests a client certificate without making
     * it mandatory.
     */
    @Override
    public void setWantClientAuth(boolean want) {
        sslParameters.setWantClientAuth(want);
    }

    /** Returns the "need client authentication" flag from the shared SSL parameters. */
    @Override
    public boolean getNeedClientAuth() {
        return sslParameters.getNeedClientAuth();
    }

    /**
     * Stores the "need client authentication" flag in the shared SSL parameters. In the
     * {@link SSLServerSocket} contract this makes client authentication mandatory for
     * accepted connections.
     */
    @Override
    public void setNeedClientAuth(boolean need) {
        sslParameters.setNeedClientAuth(need);
    }

    /**
     * Stores the client/server role in the shared SSL parameters. In the
     * {@link SSLServerSocket} contract, {@code true} makes accepted connections handshake
     * in client mode instead of the default server mode.
     */
    @Override
    public void setUseClientMode(boolean mode) {
        sslParameters.setUseClientMode(mode);
    }

    /** Returns the client/server role flag from the shared SSL parameters. */
    @Override
    public boolean getUseClientMode() {
        return sslParameters.getUseClientMode();
    }

    /**
     * Accepts the next incoming connection on a newly created Conscrypt socket.
     *
     * <p>The socket is built from the shared SSL parameters, receives the current Channel ID
     * setting, and is then passed to {@code implAccept}. This method does not call
     * {@code startHandshake()} itself.
     *
     * <p>NOTE(review): presumably the TLS handshake runs later, on first I/O or an explicit
     * {@code startHandshake()}; until then the peer has not been authenticated. Confirm in
     * the socket classes.
     *
     * @return the accepted socket
     * @throws IOException if creating the socket or accepting the connection fails
     */
    @Override
    public Socket accept() throws IOException {
        final AbstractConscryptSocket accepted = useEngineSocket
                ? new ConscryptEngineSocket(sslParameters)
                : new ConscryptFileDescriptorSocket(sslParameters);

        // Channel ID must be set on the socket before it is attached to a connection.
        accepted.setChannelIdEnabled(channelIdEnabled);
        implAccept(accepted);
        return accepted;
    }
}