1/*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package org.conscrypt;
18
19import java.io.IOException;
20import java.net.InetAddress;
21import java.net.Socket;
22import javax.net.ssl.SSLServerSocket;
23
24/**
25 * BoringSSL-based implementation of server sockets.
26 */
27final class ConscryptServerSocket extends SSLServerSocket {
28    private final SSLParametersImpl sslParameters;
29    private boolean channelIdEnabled;
30    private boolean useEngineSocket;
31
32    ConscryptServerSocket(SSLParametersImpl sslParameters) throws IOException {
33        this.sslParameters = sslParameters;
34    }
35
36    ConscryptServerSocket(int port, SSLParametersImpl sslParameters)
37        throws IOException {
38        super(port);
39        this.sslParameters = sslParameters;
40    }
41
42    ConscryptServerSocket(int port, int backlog, SSLParametersImpl sslParameters)
43        throws IOException {
44        super(port, backlog);
45        this.sslParameters = sslParameters;
46    }
47
48    ConscryptServerSocket(int port,
49                                      int backlog,
50                                      InetAddress iAddress,
51                                      SSLParametersImpl sslParameters)
52        throws IOException {
53        super(port, backlog, iAddress);
54        this.sslParameters = sslParameters;
55    }
56
57    /**
58     * Configures the socket to be created for this instance.
59     */
60    ConscryptServerSocket setUseEngineSocket(boolean useEngineSocket) {
61        this.useEngineSocket = useEngineSocket;
62        return this;
63    }
64
65    @Override
66    public boolean getEnableSessionCreation() {
67        return sslParameters.getEnableSessionCreation();
68    }
69
70    @Override
71    public void setEnableSessionCreation(boolean flag) {
72        sslParameters.setEnableSessionCreation(flag);
73    }
74
75    /**
76     * The names of the protocols' versions that may be used on this SSL
77     * connection.
78     * @return an array of protocols names
79     */
80    @Override
81    public String[] getSupportedProtocols() {
82        return NativeCrypto.getSupportedProtocols();
83    }
84
85    /**
86     * The names of the protocols' versions that in use on this SSL connection.
87     *
88     * @return an array of protocols names
89     */
90    @Override
91    public String[] getEnabledProtocols() {
92        return sslParameters.getEnabledProtocols();
93    }
94
95    /**
96     * This method enables the protocols' versions listed by
97     * getSupportedProtocols().
98     *
99     * @param protocols names of all the protocols to enable.
100     *
101     * @throws IllegalArgumentException when one or more of the names in the
102     *             array are not supported, or when the array is null.
103     */
104    @Override
105    public void setEnabledProtocols(String[] protocols) {
106        sslParameters.setEnabledProtocols(protocols);
107    }
108
109    @Override
110    public String[] getSupportedCipherSuites() {
111        return NativeCrypto.getSupportedCipherSuites();
112    }
113
114    @Override
115    public String[] getEnabledCipherSuites() {
116        return sslParameters.getEnabledCipherSuites();
117    }
118
119    /**
120     * Enables/disables the TLS Channel ID extension for this server socket.
121     */
122    void setChannelIdEnabled(boolean enabled) {
123      channelIdEnabled = enabled;
124    }
125
126    /**
127     * Checks whether the TLS Channel ID extension is enabled for this server socket.
128     */
129    boolean isChannelIdEnabled() {
130      return channelIdEnabled;
131    }
132
133    /**
134     * This method enables the cipher suites listed by
135     * getSupportedCipherSuites().
136     *
137     * @param suites the names of all the cipher suites to enable
138     * @throws IllegalArgumentException when one or more of the ciphers in array
139     *         suites are not supported, or when the array is null.
140     */
141    @Override
142    public void setEnabledCipherSuites(String[] suites) {
143        sslParameters.setEnabledCipherSuites(suites);
144    }
145
146    @Override
147    public boolean getWantClientAuth() {
148        return sslParameters.getWantClientAuth();
149    }
150
151    @Override
152    public void setWantClientAuth(boolean want) {
153        sslParameters.setWantClientAuth(want);
154    }
155
156    @Override
157    public boolean getNeedClientAuth() {
158        return sslParameters.getNeedClientAuth();
159    }
160
161    @Override
162    public void setNeedClientAuth(boolean need) {
163        sslParameters.setNeedClientAuth(need);
164    }
165
166    @Override
167    public void setUseClientMode(boolean mode) {
168        sslParameters.setUseClientMode(mode);
169    }
170
171    @Override
172    public boolean getUseClientMode() {
173        return sslParameters.getUseClientMode();
174    }
175
176    @Override
177    public Socket accept() throws IOException {
178        final ConscryptSocketBase socket;
179        if (useEngineSocket) {
180            socket = Platform.createEngineSocket(sslParameters);
181        } else {
182            socket = Platform.createFileDescriptorSocket(sslParameters);
183        }
184
185        socket.setChannelIdEnabled(channelIdEnabled);
186        implAccept(socket);
187        return socket;
188    }
189}
190