1 /*
2 * Copyright 2019 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16 package io.netty5.handler.ssl;
17
18 import io.netty.internal.tcnative.SSLPrivateKeyMethod;
19 import io.netty5.util.internal.UnstableApi;
20
21 import javax.net.ssl.SSLEngine;
22
/**
 * Callback interface that lets an application perform the private-key operations of a TLS handshake itself:
 * signing, and decrypting when RSA is used. At the moment this is only supported when using BoringSSL.
 *
 * <p>The {@code SSL_SIGN_*} constants re-export the values of the same name from {@link SSLPrivateKeyMethod},
 * so the {@code signatureAlgorithm} passed to {@link #sign(SSLEngine, int, byte[])} can be matched against them.
 *
 * <p>Security notes for implementors:
 * <ul>
 *   <li>Handle only the signature algorithms the key is meant to serve and fail for the rest, rather than
 *       signing with whatever value arrives. The SHA-1 and MD5/SHA-1 constants are legacy algorithms.</li>
 *   <li>Exceptions thrown from these methods should not carry key material or plaintext in their messages.</li>
 *   <li>NOTE(review): both methods are synchronous. Which thread invokes them is not visible in this file;
 *       confirm before making blocking calls (for example to a remote key service) from an implementation.</li>
 * </ul>
 */
@UnstableApi
public interface OpenSslPrivateKeyMethod {
    // RSA, PKCS#1 v1.5 padding.
    int SSL_SIGN_RSA_PKCS1_SHA1 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA1;
    int SSL_SIGN_RSA_PKCS1_SHA256 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256;
    int SSL_SIGN_RSA_PKCS1_SHA384 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384;
    int SSL_SIGN_RSA_PKCS1_SHA512 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512;
    int SSL_SIGN_RSA_PKCS1_MD5_SHA1 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_MD5_SHA1;

    // ECDSA.
    int SSL_SIGN_ECDSA_SHA1 = SSLPrivateKeyMethod.SSL_SIGN_ECDSA_SHA1;
    int SSL_SIGN_ECDSA_SECP256R1_SHA256 = SSLPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256;
    int SSL_SIGN_ECDSA_SECP384R1_SHA384 = SSLPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384;
    int SSL_SIGN_ECDSA_SECP521R1_SHA512 = SSLPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512;

    // RSA-PSS.
    int SSL_SIGN_RSA_PSS_RSAE_SHA256 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256;
    int SSL_SIGN_RSA_PSS_RSAE_SHA384 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384;
    int SSL_SIGN_RSA_PSS_RSAE_SHA512 = SSLPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512;

    // EdDSA.
    int SSL_SIGN_ED25519 = SSLPrivateKeyMethod.SSL_SIGN_ED25519;

    /**
     * Produces a signature over {@code input} with the private key and returns the signature bytes.
     *
     * @param engine                the {@link SSLEngine} the signature is produced for
     * @param signatureAlgorithm    the algorithm to sign with; compare against the {@code SSL_SIGN_*} constants
     *                              of this interface
     * @param input                 the bytes to sign, described upstream as "the digest itself".
     *                              NOTE(review): BoringSSL's private-key-method contract is understood to hand
     *                              over the message and let {@code signatureAlgorithm} select the hash - confirm
     *                              against netty-tcnative before deciding whether the implementation must hash
     * @return                      the signed data (must not be {@code null})
     * @throws Exception            if the signing operation fails
     */
    byte[] sign(SSLEngine engine, int signatureAlgorithm, byte[] input) throws Exception;

    /**
     * Decrypts {@code input} with the private key and returns the resulting plaintext bytes.
     *
     * <p>Per the interface description, decryption applies when RSA is used. Failures should be reported
     * uniformly: an implementation that lets a peer tell different decryption failures apart (by message or
     * by timing) risks acting as a padding oracle.
     * NOTE(review): whether the returned bytes are expected with or without padding removed is not stated in
     * this file - confirm against netty-tcnative.
     *
     * @param engine                the {@link SSLEngine} the decryption is performed for
     * @param input                 the encrypted bytes to decrypt
     * @return                      the decrypted data (must not be {@code null})
     * @throws Exception            if the decryption operation fails
     */
    byte[] decrypt(SSLEngine engine, byte[] input) throws Exception;
}