public final class SSLContext extends Object
| Modifier and Type | Class and Description | 
|---|---|
| static interface | SSLContext.SNICallBack - Interface implemented by components that will receive the callback to select an OpenSSL SSLContext based on the host name requested by the client. | 
| Modifier and Type | Field and Description | 
|---|---|
| static byte[] | DEFAULT_SESSION_ID_CONTEXT | 
| Constructor and Description | 
|---|
| SSLContext() | 
| Modifier and Type | Method and Description | 
|---|---|
| static boolean | addChainCertificateRaw(long ctx, byte[] cert) - Add a certificate to the certificate chain. | 
| static boolean | addClientCACertificateRaw(long ctx, byte[] cert) - Add a CA certificate that is accepted as issuer for peer certificates. | 
| static void | clearOptions(long ctx, int options) - Clear OpenSSL options. | 
| static int | free(long ctx) - Free the resources used by the context. | 
| static String[] | getCiphers(long ctx) - Returns all cipher suites that are enabled for negotiation in an SSL handshake. | 
| static int | getOptions(long ctx) - Get OpenSSL options. | 
| static long | getSessionCacheMode(long ctx) - Get the mode of the currently used internal session cache. | 
| static long | getSessionCacheSize(long ctx) - Get the size of the internal session cache. | 
| static long | getSessionCacheTimeout(long ctx) - Get the timeout for the internal session cache in seconds. | 
| static long | make(long pool, int protocol, int mode) - Create a new SSL context. | 
| static void | registerDefault(Long defaultSSLContext, SSLContext.SNICallBack sniCallBack) - Register an OpenSSL SSLContext that will be used to initiate TLS connections that may use the SNI extension, together with the component that maps the requested host name to the OpenSSL SSLContext used for the remainder of the connection. | 
| static long | sessionAccept(long ctx) | 
| static long | sessionAcceptGood(long ctx) | 
| static long | sessionAcceptRenegotiate(long ctx) | 
| static long | sessionCacheFull(long ctx) | 
| static long | sessionCbHits(long ctx) | 
| static long | sessionConnect(long ctx) | 
| static long | sessionConnectGood(long ctx) | 
| static long | sessionConnectRenegotiate(long ctx) | 
| static long | sessionHits(long ctx) | 
| static long | sessionMisses(long ctx) | 
| static long | sessionNumber(long ctx) | 
| static long | sessionTimeouts(long ctx) | 
| static int | setALPN(long ctx, byte[] proto, int len) | 
| static void | setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior) - Set the application layer protocols for the Application Layer Protocol Negotiation (ALPN) extension. | 
| static void | setBIO(long ctx, long bio, int dir) - Associate a BIOCallback for input or output data capture. | 
| static boolean | setCACertificate(long ctx, String file, String path) - Set the file and directory of concatenated PEM-encoded CA certificates for client authentication. This directive sets the all-in-one file where you can assemble the certificates of the Certification Authorities (CA) whose clients you deal with. | 
| static boolean | setCARevocation(long ctx, String file, String path) - Set the file of concatenated PEM-encoded CA CRLs, or the directory of PEM-encoded CA certificates, for client authentication. This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of the Certification Authorities (CA) whose clients you deal with. | 
| static boolean | setCertificate(long ctx, String cert, String key, String password, int idx) - Set the certificate. Point setCertificateFile at a PEM-encoded certificate. | 
| static boolean | setCertificateChainFile(long ctx, String file, boolean skipfirst) - Set the file of PEM-encoded server CA certificates. This directive sets the optional all-in-one file where you can assemble the certificates of the Certification Authorities (CA) which form the certificate chain of the server certificate. | 
| static boolean | setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa) - Set the certificate from raw data. Use a keystore certificate and key to fill the BIO. | 
| static void | setCertVerifyCallback(long ctx, CertificateVerifier verifier) - Allows hooking a CertificateVerifier into the handshake processing. | 
| static boolean | setCipherSuite(long ctx, String ciphers) - Set the cipher suites available for negotiation in the SSL handshake. | 
| static void | setContextId(long ctx, String id) - Set the session context id. | 
| static void | setNextProtos(long ctx, String nextProtos) - Deprecated. | 
| static void | setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior) - Set the next protocols for the Next Protocol Negotiation (NPN) extension. | 
| static void | setOptions(long ctx, int options) - Set OpenSSL options. | 
| static void | setQuietShutdown(long ctx, boolean mode) - Sets the "quiet shutdown" flag for ctx to mode. | 
| static void | setRandom(long ctx, String file) - Set the file used as a source of randomness. | 
| static long | setSessionCacheMode(long ctx, long mode) - Set the mode of the internal session cache and return the previously used mode. | 
| static long | setSessionCacheSize(long ctx, long size) - Set the size of the internal session cache. | 
| static long | setSessionCacheTimeout(long ctx, long timeoutSeconds) - Set the timeout for the internal session cache in seconds. | 
| static boolean | setSessionIdContext(long ctx, byte[] sidCtx) - Set the context within which sessions can be reused (server side only). See http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html | 
| static void | setSessionTicketKeys(long ctx, byte[] keys) - Set the TLS session ticket keys. | 
| static void | setShutdownType(long ctx, int type) - Set the SSL connection shutdown type. The following levels are available for type: SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE. | 
| static void | setTmpDH(long ctx, String cert) - Set DH parameters. | 
| static void | setTmpECDHByCurveName(long ctx, String curveName) - Set the ECDH elliptic curve by name. | 
| static void | setVerify(long ctx, int level, int depth) - Set the type of client certificate verification and the maximum depth of CA certificates in client certificate verification. | 
| static long | sniCallBack(long currentCtx, String sniHostName) - When tc-native encounters an SNI extension in the TLS handshake it calls this method to determine which OpenSSL SSLContext to use for the connection. | 
| static void | unregisterDefault(Long defaultSSLContext) - Unregister an OpenSSL SSLContext that will no longer be used to initiate TLS connections that may use the SNI extension. | 
public static long make(long pool, int protocol, int mode) throws Exception
Create a new SSL context.
Parameters:
pool - The pool to use.
protocol - The SSL protocol to use. It can be any combination of the following: SSL.SSL_PROTOCOL_SSLV2, SSL.SSL_PROTOCOL_SSLV3, SSL.SSL_PROTOCOL_TLSV1, SSL.SSL_PROTOCOL_TLSV1_1, SSL.SSL_PROTOCOL_TLSV1_2, SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_PROTOCOL_ALL (== all TLS versions, no SSL).
mode - SSL mode to use: SSL_MODE_CLIENT, SSL_MODE_SERVER or SSL_MODE_COMBINED.
Throws:
Exception - If the SSL context could not be created.

public static int free(long ctx)
Free the resources used by the context.
Parameters:
ctx - Server or client context to free.

public static void setContextId(long ctx, String id)
Set the session context id.
Parameters:
ctx - Context to use.
id - String that uniquely identifies this context.

public static void setBIO(long ctx, long bio, int dir)
Associate a BIOCallback for input or output data capture. The first word of each output string carries the error level, in the form:
[ERROR] -- Critical error messages
[WARN] -- Warning messages
[INFO] -- Informational messages
[DEBUG] -- Debugging messages
The callback can use that word to determine the application logging level by intercepting the write call. If bio is set to 0, no error messages will be displayed. The default is to use the stderr output stream.
Parameters:
ctx - Server or client context to use.
bio - BIO handle to use, created with SSL.newBIO.
dir - BIO direction (1 for input, 0 for output).

public static void setOptions(long ctx, int options)
Set OpenSSL options.
Parameters:
ctx - Server or client context to use.
options - See SSL.SSL_OP_* for option flags.

public static int getOptions(long ctx)
Get OpenSSL options.
Parameters:
ctx - Server or client context to use.

public static void clearOptions(long ctx, int options)
Clear OpenSSL options.
Parameters:
ctx - Server or client context to use.
options - See SSL.SSL_OP_* for option flags.

public static String[] getCiphers(long ctx)
Returns all cipher suites that are enabled for negotiation in an SSL handshake.
Parameters:
ctx - Server or client context to use.

public static void setQuietShutdown(long ctx, boolean mode)
Sets the "quiet shutdown" flag for ctx to mode.
Parameters:
ctx - Server or client context to use.
mode - True to set the quiet shutdown.

public static boolean setCipherSuite(long ctx, String ciphers) throws Exception
Set the cipher suites available for negotiation in the SSL handshake.
Parameters:
ctx - Server or client context to use.
ciphers - An OpenSSL cipher specification.
Returns:
true if the operation was successful.
Throws:
Exception - An error occurred.

public static boolean setCARevocation(long ctx, String file, String path) throws Exception
Parameters:
ctx - Server or client context to use.
file - File of concatenated PEM-encoded CA CRLs for client authentication.
path - Directory of PEM-encoded CA certificates for client authentication.
Returns:
true if the operation was successful.
Throws:
Exception - An error occurred.

public static boolean setCertificateChainFile(long ctx, String file, boolean skipfirst)
Parameters:
ctx - Server or client context to use.
file - File of PEM-encoded server CA certificates.
skipfirst - Skip the first certificate if the chain file is inside the certificate file.
Returns:
true if the operation was successful.

public static boolean setCertificate(long ctx, String cert, String key, String password, int idx) throws Exception
Parameters:
ctx - Server or client context to use.
cert - Certificate file.
key - Private key file to use if the key is not in cert.
password - Certificate password. If null and the certificate is encrypted, a password prompt will be displayed.
idx - Certificate index, SSL_AIDX_RSA or SSL_AIDX_DSA.
Returns:
true if the operation was successful.
Throws:
Exception - An error occurred.

public static long setSessionCacheSize(long ctx, long size)
Set the size of the internal session cache.
Parameters:
ctx - Server or client context to use.
size - The cache size.

public static long getSessionCacheSize(long ctx)
Get the size of the internal session cache.
Parameters:
ctx - Server or client context to use.

public static long setSessionCacheTimeout(long ctx, long timeoutSeconds)
Set the timeout for the internal session cache in seconds.
Parameters:
ctx - Server or client context to use.
timeoutSeconds - Timeout value in seconds.

public static long getSessionCacheTimeout(long ctx)
Get the timeout for the internal session cache in seconds.
Parameters:
ctx - Server or client context to use.

public static long setSessionCacheMode(long ctx, long mode)
Set the mode of the internal session cache and return the previously used mode.
Parameters:
ctx - Server or client context to use.
mode - The mode to set.

public static long getSessionCacheMode(long ctx)
Get the mode of the currently used internal session cache.
Parameters:
ctx - Server or client context to use.

public static long sessionAccept(long ctx)
public static long sessionAcceptGood(long ctx)
public static long sessionAcceptRenegotiate(long ctx)
public static long sessionCacheFull(long ctx)
public static long sessionCbHits(long ctx)
public static long sessionConnect(long ctx)
public static long sessionConnectGood(long ctx)
public static long sessionConnectRenegotiate(long ctx)
public static long sessionHits(long ctx)
public static long sessionMisses(long ctx)
public static long sessionNumber(long ctx)
public static long sessionTimeouts(long ctx)
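The setBIO description above says that tc-native prefixes every diagnostic line with a level word such as "[ERROR]" and that a callback can key its logging off that word. The following class is an added example written for this page, not tc-native code: it implements a BIOCallback that parses the prefix and forwards each message to java.util.logging at the matching level, so OpenSSL handshake failures end up in the application log instead of on stderr. The BIOCallback method names (write, read, puts, gets) and the signature of SSL.newBIO(long pool, BIOCallback) are taken from the tc-native API as I know it and are not shown on this page; treat them as assumptions.

```java
import org.apache.tomcat.jni.BIOCallback;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

import java.nio.charset.StandardCharsets;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Output BIO that routes OpenSSL diagnostics into java.util.logging, using the
 * "[LEVEL]" word tc-native places at the start of each message.
 * Hypothetical helper for this page; not part of tc-native.
 */
public final class OpenSslLogBio implements BIOCallback {

    private static final Logger LOG = Logger.getLogger("openssl");

    /** Map the leading "[ERROR]" / "[WARN]" / "[INFO]" / "[DEBUG]" word to a JUL level. */
    static Level levelOf(String message) {
        String text = message.trim();
        int end = text.indexOf(']');
        if (!text.startsWith("[") || end < 0) {
            return Level.WARNING; // unexpected shape: surface it rather than drop it
        }
        switch (text.substring(1, end)) {
            case "ERROR": return Level.SEVERE;
            case "WARN":  return Level.WARNING;
            case "INFO":  return Level.INFO;
            case "DEBUG": return Level.FINE;
            default:      return Level.WARNING; // unknown level word: keep it visible
        }
    }

    // BIOCallback methods (names assumed from tc-native's BIOCallback interface).
    @Override
    public int write(byte[] buf) {
        String msg = new String(buf, StandardCharsets.US_ASCII);
        LOG.log(levelOf(msg), msg.trim());
        return buf.length; // report the whole buffer as consumed
    }

    @Override
    public int puts(String data) {
        LOG.log(levelOf(data), data.trim());
        return data.length();
    }

    @Override
    public int read(byte[] buf) {
        return 0; // output-only BIO: nothing to read
    }

    @Override
    public String gets(int len) {
        return null; // output-only BIO
    }

    /** Create the BIO from pool and attach it as the output BIO of ctx (dir 0 = output). */
    public static long attach(long pool, long ctx) throws Exception {
        long bio = SSL.newBIO(pool, new OpenSslLogBio());
        SSLContext.setBIO(ctx, bio, 0);
        return bio;
    }
}
```

Unrecognised prefixes are deliberately logged at WARNING rather than discarded: a message that does not fit the documented shape is more likely to be a failure than noise, and dropping it would hide exactly the handshake errors a defender wants to see.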
public static void setSessionTicketKeys(long ctx, byte[] keys)
Set the TLS session ticket keys.
Parameters:
ctx - Server or client context to use.
keys - The session ticket keys.

public static boolean setCACertificate(long ctx, String file, String path) throws Exception
Parameters:
ctx - Server or client context to use.
file - File of concatenated PEM-encoded CA certificates for client authentication.
path - Directory of PEM-encoded CA certificates for client authentication.
Returns:
true if the operation was successful.
Throws:
Exception - An error occurred.

public static void setRandom(long ctx, String file)
Set the file used as a source of randomness.
Parameters:
ctx - Server or client context to use.
file - Random file.

public static void setShutdownType(long ctx, int type)
Set the SSL connection shutdown type. The following levels are available for type: SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE.
Parameters:
ctx - Server or client context to use.
type - Shutdown type to use.

public static void setVerify(long ctx, int level, int depth)
Set the type of client certificate verification and the maximum depth of CA certificates in client certificate verification. The following levels are available for level:
SSL_CVERIFY_NONE - No client certificate is required at all.
SSL_CVERIFY_OPTIONAL - The client may present a valid certificate.
SSL_CVERIFY_REQUIRE - The client has to present a valid certificate.
SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid certificate, but it need not be (successfully) verifiable.
setCACertificatePath), etc.
Parameters:
ctx - Server or client context to use.
level - Type of client certificate verification.
depth - Maximum depth of CA certificates in client certificate verification.

public static int setALPN(long ctx, byte[] proto, int len)
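The methods documented above (make, setOptions, setCipherSuite, setCertificate, setCACertificate, setCARevocation, setVerify, setSessionIdContext, setAlpnProtos, free) and the SNI registration methods (registerDefault, unregisterDefault) are individually described but never shown together. The following program is an added example written for this page, not tc-native's own code: it builds two server contexts that require a verified client certificate and routes SNI host names between them. Assumptions: the PKI file paths, host names, cipher string and verification depth are placeholders; the constants SSL_MODE_SERVER, SSL_CVERIFY_REQUIRE, SSL_AIDX_RSA and the SSL_OP_* flags are assumed to live in the SSL class (this page only names them); passing null for an unused directory argument is assumed to be accepted; SNICallBack is assumed to be a single-method interface so that a lambda can implement it; Library.initialize, Pool.create and Pool.destroy are tc-native calls outside this page.

```java
import org.apache.tomcat.jni.Library;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import java.util.Map;

/**
 * Brings up two tc-native server contexts with mutual TLS and routes SNI host
 * names between them. Example for this page; paths and host names are placeholders.
 */
public final class MutualTlsServerContexts {

    private static final String PKI = "/etc/example-pki"; // placeholder directory

    public static void main(String[] args) throws Exception {
        Library.initialize(null);   // load the tc-native library (assumed call)
        SSL.initialize(null);       // initialise OpenSSL with the default engine (assumed call)

        long pool = Pool.create(0);
        long wwwCtx = 0, apiCtx = 0;
        try {
            wwwCtx = buildServerContext(pool, "www.example.test");
            apiCtx = buildServerContext(pool, "api.example.test");

            Map<String, Long> byHost = Map.of("www.example.test", wwwCtx,
                                              "api.example.test", apiCtx);
            long fallback = wwwCtx;

            // Map the SNI host name to a context; unknown or absent names keep the default.
            // Assumes SNICallBack has a single abstract method (its name is not on this page).
            SSLContext.SNICallBack selector = sniHostName -> {
                Long ctx = sniHostName == null ? null
                        : byHost.get(sniHostName.toLowerCase(Locale.ROOT));
                return ctx == null ? fallback : ctx;
            };
            SSLContext.registerDefault(wwwCtx, selector);

            // ... serve connections on the endpoint bound to wwwCtx ...

            SSLContext.unregisterDefault(wwwCtx);
        } finally {
            if (apiCtx != 0) SSLContext.free(apiCtx);
            if (wwwCtx != 0) SSLContext.free(wwwCtx);
            Pool.destroy(pool);
        }
    }

    /** One hardened server context for the given host name. */
    static long buildServerContext(long pool, String host) throws Exception {
        // Only TLS 1.2 and 1.3 are negotiable; SSLv2/v3 and TLS 1.0/1.1 are never offered.
        long ctx = SSLContext.make(pool,
                SSL.SSL_PROTOCOL_TLSV1_2 | SSL.SSL_PROTOCOL_TLSV1_3, SSL.SSL_MODE_SERVER);
        try {
            // Server-side cipher order and no TLS compression (SSL_OP_* names assumed).
            SSLContext.setOptions(ctx,
                    SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION);
            require(SSLContext.setCipherSuite(ctx, "HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES"), "cipher suite");

            // Server certificate with an unencrypted key: a null password on an
            // encrypted key would trigger an interactive prompt and hang a server.
            require(SSLContext.setCertificate(ctx, PKI + "/" + host + ".crt",
                    PKI + "/" + host + ".key", null, SSL.SSL_AIDX_RSA), "certificate");
            require(SSLContext.setCertificateChainFile(ctx, PKI + "/chain.pem", false), "chain");

            // Client authentication: trusted issuers, their CRLs, a hard requirement
            // for a verifiable certificate, and a bounded issuer-chain depth.
            require(SSLContext.setCACertificate(ctx, PKI + "/client-ca.pem", null), "client CA");
            require(SSLContext.setCARevocation(ctx, PKI + "/client-ca.crl", null), "client CRL");
            SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_REQUIRE, 2); // depth 2 is a placeholder

            // Session-id context: OpenSSL caps it at 32 bytes, so a SHA-256 of the
            // host name fits exactly and keeps sessions from being resumed across hosts.
            byte[] sidCtx = MessageDigest.getInstance("SHA-256")
                    .digest(host.getBytes(StandardCharsets.UTF_8));
            require(SSLContext.setSessionIdContext(ctx, sidCtx), "session id context");

            SSLContext.setAlpnProtos(ctx, new String[] {"h2", "http/1.1"},
                    SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE);
            SSLContext.setTmpECDHByCurveName(ctx, "prime256v1");
            return ctx;
        } catch (Exception e) {
            SSLContext.free(ctx); // do not leak a half-configured native context
            throw e;
        }
    }

    private static void require(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("SSLContext setup failed: " + what);
    }
}
```

Every boolean-returning setter is checked, because a false return from setCipherSuite or setCACertificate leaves the context silently running with whatever OpenSSL defaults applied before the call. The native context is freed on any failure so that a misconfiguration does not leak the SSL_CTX, and the per-host session-id context prevents a session established for one virtual host from being resumed against the other.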
public static long sniCallBack(long currentCtx, String sniHostName)
When tc-native encounters an SNI extension in the TLS handshake it calls this method to determine which OpenSSL SSLContext to use for the connection.
Parameters:
currentCtx - The OpenSSL SSLContext that the handshake started to use. This will be the default OpenSSL SSLContext for the endpoint associated with the socket.
sniHostName - The host name requested by the client.

public static void registerDefault(Long defaultSSLContext, SSLContext.SNICallBack sniCallBack)
Parameters:
defaultSSLContext - The Java representation of a pointer to the OpenSSL SSLContext that will be used to initiate TLS connections.
sniCallBack - The component that will map SNI host names received via connections initiated using defaultSSLContext to the correct OpenSSL SSLContext.

public static void unregisterDefault(Long defaultSSLContext)
Parameters:
defaultSSLContext - The Java representation of a pointer to the OpenSSL SSLContext that will no longer be used.

public static void setCertVerifyCallback(long ctx, CertificateVerifier verifier)
Allows hooking a CertificateVerifier into the handshake processing. This will call SSL_CTX_set_cert_verify_callback and so replace the default verification callback used by OpenSSL.
Parameters:
ctx - Server or client context to use.
verifier - The verifier to call during the handshake.

@Deprecated
public static void setNextProtos(long ctx, String nextProtos)
Deprecated. Use setNpnProtos(long, String[], int) instead.
Parameters:
ctx - Server context to use.
nextProtos - Comma-delimited list of protocols in priority order.

public static void setNpnProtos(long ctx, String[] nextProtos, int selectorFailureBehavior)
Set the next protocols for the Next Protocol Negotiation (NPN) extension.
Parameters:
ctx - Server context to use.
nextProtos - Protocols in priority order.
selectorFailureBehavior - See SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE and SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL.

public static void setAlpnProtos(long ctx, String[] alpnProtos, int selectorFailureBehavior)
Set the application layer protocols for the Application Layer Protocol Negotiation (ALPN) extension.
Parameters:
ctx - Server context to use.
alpnProtos - Protocols in priority order.
selectorFailureBehavior - See SSL.SSL_SELECTOR_FAILURE_NO_ADVERTISE and SSL.SSL_SELECTOR_FAILURE_CHOOSE_MY_LAST_PROTOCOL.

public static void setTmpDH(long ctx, String cert) throws Exception
Set DH parameters.
Parameters:
ctx - Server context to use.
cert - DH parameter file (can be generated with e.g. openssl dhparam -rand - 2048 > dhparam.pem; see the OpenSSL documentation).
Throws:
Exception - An error occurred.

public static void setTmpECDHByCurveName(long ctx, String curveName) throws Exception
Set the ECDH elliptic curve by name.
Parameters:
ctx - Server context to use.
curveName - The name of the elliptic curve to use (available names can be obtained from openssl ecparam -list_curves).
Throws:
Exception - An error occurred.

public static boolean setSessionIdContext(long ctx, byte[] sidCtx)
Set the context within which sessions can be reused (server side only). See http://www.openssl.org/docs/ssl/SSL_CTX_set_session_id_context.html
Parameters:
ctx - Server context to use.
sidCtx - Can be any kind of binary data; it is therefore possible to use e.g. the name of the application and/or the hostname and/or service name.
Returns:
true if success, false otherwise.

public static boolean setCertificateRaw(long ctx, byte[] cert, byte[] key, int sslAidxRsa)
Parameters:
ctx - Server or client context to use.
cert - Byte array with the certificate in DER encoding.
key - Byte array with the private key in PEM format.
sslAidxRsa - Certificate index, SSL_AIDX_RSA or SSL_AIDX_DSA.
Returns:
true if success, false otherwise.

public static boolean addChainCertificateRaw(long ctx, byte[] cert)
Add a certificate to the certificate chain.
Parameters:
ctx - Server or client context to use.
cert - Byte array with the certificate in DER encoding.
Returns:
true if success, false otherwise.

public static boolean addClientCACertificateRaw(long ctx, byte[] cert)
Add a CA certificate that is accepted as issuer for peer certificates.
Parameters:
ctx - Server or client context to use.
cert - Byte array with the certificate in DER encoding.
Returns:
true if success, false otherwise.

Copyright © 2000-2021 Apache Software Foundation. All Rights Reserved.