public final class SSL extends Object
Constructor and Description |
---|
SSL() |
Modifier and Type | Method and Description |
---|---|
static int |
closeBIO(long bio)
Close BIO and dereference callback object
|
static int |
fipsModeGet()
Get the status of FIPS Mode.
|
static int |
fipsModeSet(int mode)
Enable/Disable FIPS Mode.
|
static boolean |
generateRSATempKey(int idx)
Generate temporary RSA key.
|
static String |
getLastError()
Return last SSL error string
|
static boolean |
hasOp(int op)
Return true if all the requested SSL_OP_* are supported by OpenSSL.
|
static int |
initialize(String engine)
Initialize OpenSSL support.
|
static boolean |
loadDSATempKey(int idx,
String file)
Load temporary DSA key from file
Index can be one of: SSL_TMP_KEY_DH_512 SSL_TMP_KEY_DH_1024 SSL_TMP_KEY_DH_2048 SSL_TMP_KEY_DH_4096 |
static long |
newBIO(long pool,
BIOCallback callback)
Initialize new BIO
|
static boolean |
randLoad(String filename)
Add content of the file to the PRNG
|
static boolean |
randMake(String filename,
int len,
boolean base64)
Creates random data to filename
|
static boolean |
randSave(String filename)
Writes a number of random bytes (currently 1024) to
file
filename which can be used to initialize the PRNG
by calling randLoad in a later session. |
static void |
randSet(String filename)
Sets global random filename.
|
static void |
setPassword(String password)
Set global Password for decrypting certificates and keys.
|
static void |
setPasswordCallback(PasswordCallback callback)
Set global Password callback for obtaining passwords.
|
static int |
version() |
static String |
versionString() |
public static final int UNSET
public static final int SSL_ALGO_UNKNOWN
public static final int SSL_ALGO_RSA
public static final int SSL_ALGO_DSA
public static final int SSL_ALGO_ALL
public static final int SSL_AIDX_RSA
public static final int SSL_AIDX_DSA
public static final int SSL_AIDX_MAX
public static final int SSL_TMP_KEY_RSA_512
public static final int SSL_TMP_KEY_RSA_1024
public static final int SSL_TMP_KEY_RSA_2048
public static final int SSL_TMP_KEY_RSA_4096
public static final int SSL_TMP_KEY_DH_512
public static final int SSL_TMP_KEY_DH_1024
public static final int SSL_TMP_KEY_DH_2048
public static final int SSL_TMP_KEY_DH_4096
public static final int SSL_TMP_KEY_MAX
public static final int SSL_OPT_NONE
public static final int SSL_OPT_RELSET
public static final int SSL_OPT_STDENVVARS
public static final int SSL_OPT_EXPORTCERTDATA
public static final int SSL_OPT_FAKEBASICAUTH
public static final int SSL_OPT_STRICTREQUIRE
public static final int SSL_OPT_OPTRENEGOTIATE
public static final int SSL_OPT_ALL
public static final int SSL_PROTOCOL_NONE
public static final int SSL_PROTOCOL_SSLV2
public static final int SSL_PROTOCOL_SSLV3
public static final int SSL_PROTOCOL_TLSV1
public static final int SSL_PROTOCOL_TLSV1_1
public static final int SSL_PROTOCOL_TLSV1_2
public static final int SSL_PROTOCOL_ALL
public static final int SSL_CVERIFY_UNSET
public static final int SSL_CVERIFY_NONE
public static final int SSL_CVERIFY_OPTIONAL
public static final int SSL_CVERIFY_REQUIRE
public static final int SSL_CVERIFY_OPTIONAL_NO_CA
public static final int SSL_VERIFY_NONE
public static final int SSL_VERIFY_PEER
public static final int SSL_VERIFY_FAIL_IF_NO_PEER_CERT
public static final int SSL_VERIFY_CLIENT_ONCE
public static final int SSL_VERIFY_PEER_STRICT
public static final int SSL_OP_MICROSOFT_SESS_ID_BUG
public static final int SSL_OP_NETSCAPE_CHALLENGE_BUG
public static final int SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
public static final int SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
public static final int SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
public static final int SSL_OP_MSIE_SSLV2_RSA_PADDING
public static final int SSL_OP_SSLEAY_080_CLIENT_DH_BUG
public static final int SSL_OP_TLS_D5_BUG
public static final int SSL_OP_TLS_BLOCK_PADDING_BUG
public static final int SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
public static final int SSL_OP_ALL
public static final int SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
public static final int SSL_OP_NO_COMPRESSION
public static final int SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
public static final int SSL_OP_SINGLE_ECDH_USE
public static final int SSL_OP_SINGLE_DH_USE
public static final int SSL_OP_EPHEMERAL_RSA
public static final int SSL_OP_CIPHER_SERVER_PREFERENCE
public static final int SSL_OP_TLS_ROLLBACK_BUG
public static final int SSL_OP_NO_SSLv2
public static final int SSL_OP_NO_SSLv3
public static final int SSL_OP_NO_TLSv1
public static final int SSL_OP_NO_TLSv1_1
public static final int SSL_OP_NO_TLSv1_2
public static final int SSL_OP_NO_TICKET
@Deprecated public static final int SSL_OP_PKCS1_CHECK_1
@Deprecated public static final int SSL_OP_PKCS1_CHECK_2
public static final int SSL_OP_NETSCAPE_CA_DN_BUG
public static final int SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
public static final int SSL_CRT_FORMAT_UNDEF
public static final int SSL_CRT_FORMAT_ASN1
public static final int SSL_CRT_FORMAT_TEXT
public static final int SSL_CRT_FORMAT_PEM
public static final int SSL_CRT_FORMAT_NETSCAPE
public static final int SSL_CRT_FORMAT_PKCS12
public static final int SSL_CRT_FORMAT_SMIME
public static final int SSL_CRT_FORMAT_ENGINE
public static final int SSL_MODE_CLIENT
public static final int SSL_MODE_SERVER
public static final int SSL_MODE_COMBINED
public static final int SSL_SHUTDOWN_TYPE_UNSET
public static final int SSL_SHUTDOWN_TYPE_STANDARD
public static final int SSL_SHUTDOWN_TYPE_UNCLEAN
public static final int SSL_SHUTDOWN_TYPE_ACCURATE
public static final int SSL_INFO_SESSION_ID
public static final int SSL_INFO_CIPHER
public static final int SSL_INFO_CIPHER_USEKEYSIZE
public static final int SSL_INFO_CIPHER_ALGKEYSIZE
public static final int SSL_INFO_CIPHER_VERSION
public static final int SSL_INFO_CIPHER_DESCRIPTION
public static final int SSL_INFO_PROTOCOL
public static final int SSL_INFO_CLIENT_S_DN
public static final int SSL_INFO_CLIENT_I_DN
public static final int SSL_INFO_SERVER_S_DN
public static final int SSL_INFO_SERVER_I_DN
public static final int SSL_INFO_DN_COUNTRYNAME
public static final int SSL_INFO_DN_STATEORPROVINCENAME
public static final int SSL_INFO_DN_LOCALITYNAME
public static final int SSL_INFO_DN_ORGANIZATIONNAME
public static final int SSL_INFO_DN_ORGANIZATIONALUNITNAME
public static final int SSL_INFO_DN_COMMONNAME
public static final int SSL_INFO_DN_TITLE
public static final int SSL_INFO_DN_INITIALS
public static final int SSL_INFO_DN_GIVENNAME
public static final int SSL_INFO_DN_SURNAME
public static final int SSL_INFO_DN_DESCRIPTION
public static final int SSL_INFO_DN_UNIQUEIDENTIFIER
public static final int SSL_INFO_DN_EMAILADDRESS
public static final int SSL_INFO_CLIENT_M_VERSION
public static final int SSL_INFO_CLIENT_M_SERIAL
public static final int SSL_INFO_CLIENT_V_START
public static final int SSL_INFO_CLIENT_V_END
public static final int SSL_INFO_CLIENT_A_SIG
public static final int SSL_INFO_CLIENT_A_KEY
public static final int SSL_INFO_CLIENT_CERT
public static final int SSL_INFO_CLIENT_V_REMAIN
public static final int SSL_INFO_SERVER_M_VERSION
public static final int SSL_INFO_SERVER_M_SERIAL
public static final int SSL_INFO_SERVER_V_START
public static final int SSL_INFO_SERVER_V_END
public static final int SSL_INFO_SERVER_A_SIG
public static final int SSL_INFO_SERVER_A_KEY
public static final int SSL_INFO_SERVER_CERT
public static final int SSL_INFO_CLIENT_CERT_CHAIN
public static int version()
public static String versionString()
public static int initialize(String engine)
engine
- Support for external a Crypto Device ("engine"),
usually
a hardware accelerator card for crypto operations.public static int fipsModeGet() throws Exception
0
if OpenSSL is not
in FIPS mode, 1
if OpenSSL is in FIPS Mode.Exception
- If tcnative was not compiled with FIPS Mode available.public static int fipsModeSet(int mode) throws Exception
mode
- 1 - enable, 0 - disableException
- If tcnative was not compiled with FIPS Mode available,
or if FIPS_mode_set()
call returned an error value.public static boolean randLoad(String filename)
filename
- Filename containing random data.
If null the default file will be tested.
The seed file is $RANDFILE if that environment variable is
set, $HOME/.rnd otherwise.
In case both files are unavailable builtin
random seed generator is used.public static boolean randSave(String filename)
filename
which can be used to initialize the PRNG
by calling randLoad in a later session.filename
- Filename to save the datapublic static boolean randMake(String filename, int len, boolean base64)
filename
- Filename to save the datalen
- The length of random sequence in bytesbase64
- Output the data in Base64 encoded formatpublic static void randSet(String filename)
filename
- Filename to use.
If set it will be used for SSL initialization
and all contexts where explicitly not set.public static long newBIO(long pool, BIOCallback callback) throws Exception
pool
- The pool to use.callback
- BIOCallback to useException
public static int closeBIO(long bio)
bio
- BIO to close and destroy.public static void setPasswordCallback(PasswordCallback callback)
callback
- PasswordCallback implementation to use.public static void setPassword(String password)
password
- Password to use.public static boolean generateRSATempKey(int idx)
SSL_TMP_KEY_RSA_512 SSL_TMP_KEY_RSA_1024 SSL_TMP_KEY_RSA_2048 SSL_TMP_KEY_RSA_4096By default 512 and 1024 keys are generated on startup. You can use a low priority thread to generate them on the fly.
idx
- temporary key index.public static boolean loadDSATempKey(int idx, String file)
SSL_TMP_KEY_DH_512 SSL_TMP_KEY_DH_1024 SSL_TMP_KEY_DH_2048 SSL_TMP_KEY_DH_4096
idx
- temporary key index.file
- File containing DH params.public static String getLastError()
public static boolean hasOp(int op)
true
if and only if op
=
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
and tcnative
supports that flag.op
- Bitwise-OR of all SSL_OP_* to test.Copyright © 2000-2014 Apache Software Foundation. All Rights Reserved.