/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.ssl;

import com.android.org.conscrypt.Conscrypt;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import libcore.util.NonNull;
import libcore.util.Nullable;

/**
 * Static utility methods for accessing additional functionality of supported instances of
 * {@link SSLSocket}. Sockets from the platform TLS provider will be compatible with all
 * methods in this class.
 *
 * <p>Every method that operates on a socket first verifies that the socket comes from the
 * platform TLS provider and throws {@link IllegalArgumentException} otherwise; callers can
 * use {@link #isSupportedSocket(SSLSocket)} to test this ahead of time.
 */
public class SSLSockets {
    /** Not instantiable: this class only holds static helpers. */
    private SSLSockets() {}

    /**
     * Returns whether the given socket can be used with the methods in this class. In general,
     * only sockets from the platform TLS provider are supported.
     *
     * @param socket the socket to test
     * @return {@code true} if {@code socket} belongs to the platform TLS provider
     */
    public static boolean isSupportedSocket(@NonNull SSLSocket socket) {
        boolean fromPlatformProvider = Conscrypt.isConscrypt(socket);
        return fromPlatformProvider;
    }

    /**
     * Rejects sockets that did not come from the platform TLS provider.
     *
     * @param socket the socket to validate
     * @throws IllegalArgumentException if {@code socket} is not a supported socket
     */
    private static void requirePlatformSocket(@NonNull SSLSocket socket) {
        if (isSupportedSocket(socket)) {
            return;
        }
        // The message carries no socket details; it only names the precondition that failed.
        throw new IllegalArgumentException("Socket is not a supported socket.");
    }

    /**
     * Enables or disables the use of session tickets.
     *
     * <p>This function must be called before the handshake is started or it will have no effect.
     *
     * @param socket the socket
     * @param useSessionTickets whether to enable or disable the use of session tickets
     * @throws IllegalArgumentException if the given socket is not a platform socket
     */
    public static void setUseSessionTickets(@NonNull SSLSocket socket, boolean useSessionTickets) {
        requirePlatformSocket(socket);
        Conscrypt.setUseSessionTickets(socket, useSessionTickets);
    }

    /**
     * Exports a value derived from the TLS master secret as described in RFC 5705.
     *
     * <p>A number of protocols leverage Transport Layer Security (TLS) to perform key
     * establishment but then use some of the keying material for their own purposes.
     *
     * <p>This method allows an application to export keying material from a TLS connection.
     * The exported material will be the same on the client and server if they pass in
     * the same values for {@code label} and {@code context}. See RFC 5705 for further
     * details.
     *
     * <p>Callers must handle a {@code null} return: it means there is no completed handshake
     * to derive material from, not that a zero-length value was exported.
     *
     * @param socket the socket to use for exporting keying material
     * @param label the label to use in calculating the exported value. This must be
     *     an ASCII-only string.
     * @param context the application-specific context value to use in calculating the
     *     exported value. This may be {@code null} to use no application context, which is
     *     treated differently than an empty byte array.
     * @param length the number of bytes of keying material to return.
     * @return a value of the specified length, or {@code null} if the handshake has not yet
     *     completed or the connection has been closed.
     * @throws SSLException if the value could not be exported.
     * @throws IllegalArgumentException if the given socket is not a platform socket
     */
    @Nullable
    public static byte[] exportKeyingMaterial(@NonNull SSLSocket socket, @NonNull String label,
            @Nullable byte[] context, int length) throws SSLException {
        requirePlatformSocket(socket);
        byte[] exported = Conscrypt.exportKeyingMaterial(socket, label, context, length);
        return exported;
    }
}