View Javadoc
1   /*
2    * Copyright 2016 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.internal.tcnative;
17  
18  /**
19   * Is called during handshake and hooked into openssl via {@code SSL_CTX_set_client_cert_cb}.
20   *
21   * IMPORTANT: Implementations of this interface should be static as it is stored as a global reference via JNI. This
22   *            means if you use an inner / anonymous class to implement this and also depend on the finalizer of the
23   *            class to free up the SSLContext the finalizer will never run as the object is never GC, due the hard
24   *            reference to the enclosing class. This will most likely result in a memory leak.
25   */
26  public interface CertificateRequestedCallback {
27  
28      /**
29       * The types contained in the {@code keyTypeBytes} array.
30       */
31      // Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h
32      byte TLS_CT_RSA_SIGN = 1;
33      byte TLS_CT_DSS_SIGN = 2;
34      byte TLS_CT_RSA_FIXED_DH = 3;
35      byte TLS_CT_DSS_FIXED_DH = 4;
36      byte TLS_CT_ECDSA_SIGN = 64;
37      byte TLS_CT_RSA_FIXED_ECDH = 65;
38      byte TLS_CT_ECDSA_FIXED_ECDH = 66;
39  
40      /**
41       * Called during cert selection.
42       *
43       * @param ssl                       the SSL instance
44       * @param keyTypeBytes              an array of the key types.
45       * @param asn1DerEncodedPrincipals  the principals
46       * @return material to use or {@code null} if non should be used. The ownership of all native memory goes over to
47       *                  tcnative at this point.
48       *
49       */
50      KeyMaterial requested(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals);
51  
52      /**
53       * Holds the material to use. Tcnative is responsible releasing native memory used by the wrapped native objects.
54       */
55      // Non-final so we can extend from this later ond cache these easily in Netty.
56      class KeyMaterial {
57  
58          private final long certificateChain;
59          private final long privateKey;
60  
61          public KeyMaterial(long certificateChain, long privateKey) {
62              this.certificateChain = certificateChain;
63              this.privateKey = privateKey;
64          }
65  
66          /**
67           * Returns a {@code EVP_PKEY} pointer
68           *
69           * @return the {@code EVP_PKEY} pointer
70           */
71          public final long privateKey() {
72              return privateKey;
73          }
74  
75          /**
76           * Returns a x509 chain ({@code STACK_OF(X509)} pointer)
77           *
78           * @return thex509 chain ({@code STACK_OF(X509)} pointer)
79           */
80          public final long certificateChain() {
81              return certificateChain;
82          }
83      }
84  }