1 /*
2  * Copyright 2016 The Netty Project
3  *
4  * The Netty Project licenses this file to you under the Apache License,
5  * version 2.0 (the "License"); you may not use this file except in compliance
6  * with the License. You may obtain a copy of the License at:
7  *
8  *   http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13  * License for the specific language governing permissions and limitations
14  * under the License.
15  */
16 package io.netty.internal.tcnative;
17 
/**
 * Callback that OpenSSL invokes during the handshake when client certificate material has to be chosen;
 * it is hooked into OpenSSL via {@code SSL_CTX_set_client_cert_cb}.
 *
 * <p>IMPORTANT: implementations should be static objects. The callback is held as a global reference via JNI,
 * so an inner or anonymous class implementation carries a hard reference to its enclosing instance and that
 * instance is never garbage collected. If the enclosing class relies on a finalizer to free its
 * {@code SSLContext}, that finalizer never runs, which most likely results in a memory leak.
 */
public interface CertificateRequestedCallback {

    // Certificate type values that may appear in keyTypeBytes. Extracted from
    // https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h
    byte TLS_CT_RSA_SIGN = 1;
    byte TLS_CT_DSS_SIGN = 2;
    byte TLS_CT_RSA_FIXED_DH = 3;
    byte TLS_CT_DSS_FIXED_DH = 4;
    byte TLS_CT_ECDSA_SIGN = 64;
    byte TLS_CT_RSA_FIXED_ECDH = 65;
    byte TLS_CT_ECDSA_FIXED_ECDH = 66;

    /**
     * Invoked during certificate selection.
     *
     * @param ssl                      the native {@code SSL} instance
     * @param keyTypeBytes             the requested key types, one {@code TLS_CT_*} value per entry
     * @param asn1DerEncodedPrincipals the principals, each ASN.1 DER encoded
     * @return the material to use, or {@code null} if none should be used. Ownership of all native memory
     *         referenced by the returned material passes to tcnative at this point, so the implementation
     *         should not release those native objects itself afterwards.
     */
    KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals);

    /**
     * Holder for the material to use: a private key and its certificate chain as raw native pointers.
     * tcnative is responsible for releasing the native memory behind the wrapped native objects.
     *
     * <p>Deliberately not final so that it can be extended later and instances can be cached easily in Netty.
     */
    class KeyMaterial {

        // Raw native pointers; this class only carries them and never dereferences or frees them.
        private final long pkeyPointer;
        private final long chainPointer;

        /**
         * Creates a holder for the given native objects.
         *
         * @param certificateChain pointer to a {@code STACK_OF(X509)}
         * @param privateKey       pointer to an {@code EVP_PKEY}
         */
        public KeyMaterial(long certificateChain, long privateKey) {
            pkeyPointer = privateKey;
            chainPointer = certificateChain;
        }

        /**
         * Returns the x509 chain as a {@code STACK_OF(X509)} pointer.
         *
         * @return the {@code STACK_OF(X509)} pointer
         */
        public final long certificateChain() {
            return chainPointer;
        }

        /**
         * Returns the private key as an {@code EVP_PKEY} pointer.
         *
         * @return the {@code EVP_PKEY} pointer
         */
        public final long privateKey() {
            return pkeyPointer;
        }
    }
}