Package com.wolfssl

Class WolfSSL

  • public class WolfSSL
extends java.lang.Object
    Base class which wraps the native WolfSSL embedded SSL library. This class contains library init and cleanup methods, general callback methods, as well as error codes and general wolfSSL codes.
    Version:
    1.1, September 2013
    Author:
    wolfSSL

    • Constructor Detail

      • WolfSSL

        public WolfSSL()
        throws WolfSSLException
        Initializes the wolfSSL library for use.
        Throws:
        WolfSSLException - if wolfSSL library fails to initialize correctly

    • Method Detail

      • nativeFree

        public static void nativeFree​(long ptr)

      • loadLibrary

        public static void loadLibrary()
                        throws java.lang.UnsatisfiedLinkError
        Loads JNI library; must be called prior to any other calls in this class. The native library is expected to be be called "wolfssljni", and must be on the system library search path.
        Throws:
        java.lang.UnsatisfiedLinkError - if the library is not found.

      • loadLibrary

        public static void loadLibrary​(java.lang.String libName)
                        throws java.lang.UnsatisfiedLinkError
        Load JNI library with a specific name; must be called prior to any other calls in this package. The native library needs to be located on the system library search path.
        Parameters:
        libName - name of native JNI library
        Throws:
        java.lang.UnsatisfiedLinkError - if the library is not found.

      • loadLibraryAbsolute

        public static void loadLibraryAbsolute​(java.lang.String libPath)
                                throws java.lang.UnsatisfiedLinkError
        Loads dynamic JNI library from a specific path; must be called prior to any other calls in this package. This function gives the application more control over the exact native library being loaded, as both WolfSSL.loadLibrary() and WolfSSL.loadLibrary(String libName) search for a library on the system library search path. This function allows the appliation to specify a specific absolute path to the native library file to load, thus guaranteeing the exact library loaded and helping to prevent against malicious attackers from attempting to override the library being loaded.
        Parameters:
        libPath - complete path name to the native dynamic JNI library
        Throws:
        java.lang.UnsatisfiedLinkError - if the library is not found.

      • TLSv1Enabled

        public static boolean TLSv1Enabled()
        Tests if TLS 1.0 has been compiled into the native wolfSSL library. TLS 1.0 is disabled by default in native wolfSSL, unless the user has configured wolfSSL with "--enable-tls10".
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • TLSv11Enabled

        public static boolean TLSv11Enabled()
        Tests if TLS 1.1 has been compiled into the native wolfSSL library.
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • TLSv12Enabled

        public static boolean TLSv12Enabled()
        Tests if TLS 1.2 has been compiled into the native wolfSSL library.
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • TLSv13Enabled

        public static boolean TLSv13Enabled()
        Tests if TLS 1.3 has been compiled into the native wolfSSL library.
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • EccEnabled

        public static boolean EccEnabled()
        Tests if ECC support has been compiled into the native wolfSSL library.
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • RsaEnabled

        public static boolean RsaEnabled()
        Tests if RSA support has been compiled into the native wolfSSL library.
        Returns:
        1 if enabled, otherwise 0 if not compiled in.

      • SSLv3_ServerMethod

        @Deprecated
public static final long SSLv3_ServerMethod()
        Deprecated.
        SSL 3.0 is now considered insecure.
        Indicates that the application is a server and will only support the SSL 3.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • SSLv3_ClientMethod

        @Deprecated
public static final long SSLv3_ClientMethod()
        Deprecated.
        SSL 3.0 is now considered insecure.
        Indicates that the application is a client and will only support the SSL 3.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_Method

        public static final long TLSv1_Method()
        Indicates that the application will only support the TLS 1.0 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_ServerMethod

        public static final long TLSv1_ServerMethod()
        Indicates that the application is a server and will only support the TLS 1.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_ClientMethod

        public static final long TLSv1_ClientMethod()
        Indicates that the application is a client and will only support the TLS 1.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_1_Method

        public static final long TLSv1_1_Method()
        Indicates that the application will only support the TLS 1.1 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_1_ServerMethod

        public static final long TLSv1_1_ServerMethod()
        Indicates that the application is a server and will only support the TLS 1.1 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_1_ClientMethod

        public static final long TLSv1_1_ClientMethod()
        Indicates that the application is a client and will only support the TLS 1.1 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_2_Method

        public static final long TLSv1_2_Method()
        Indicates that the application will only support the TLS 1.2 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_2_ServerMethod

        public static final long TLSv1_2_ServerMethod()
        Indicates that the application is a server and will only support the TLS 1.2 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_2_ClientMethod

        public static final long TLSv1_2_ClientMethod()
        Indicates that the application is a client and will only support the TLS 1.2 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • TLSv1_3_Method

        public static final long TLSv1_3_Method()
        Indicates that the application will only support the TLS 1.3 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_Method

        public static final long DTLSv1_Method()
        Indicates that the application will only support the DTLS 1.0 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_ServerMethod

        public static final long DTLSv1_ServerMethod()
        Indicates that the application is a server and will only support the DTLS 1.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_ClientMethod

        public static final long DTLSv1_ClientMethod()
        Indicates that the application is a client and will only support the DTLS 1.0 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_2_Method

        public static final long DTLSv1_2_Method()
        Indicates that the application will only support the DTLS 1.2 protocol. Application is side-independent at this time, and client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_2_ServerMethod

        public static final long DTLSv1_2_ServerMethod()
        Indicates that the application is a server and will only support the DTLS 1.2 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • DTLSv1_2_ClientMethod

        public static final long DTLSv1_2_ClientMethod()
        Indicates that the application is a client and will only support the DTLS 1.2 protocol. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • SSLv23_Method

        public static final long SSLv23_Method()
        Indicates that the application will use the highest possible SSL/TLS version from SSL 3.0 up to TLS 1.2, but is side-independent at creation time. Client/server side will be determined at connect/accept stage. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • SSLv23_ServerMethod

        public static final long SSLv23_ServerMethod()
        Indicates that the application is a server and will use the highest possible SSL/TLS version from SSL 3.0 up to TLS 1.2. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • SSLv23_ClientMethod

        public static final long SSLv23_ClientMethod()
        Indicates that the application is a client and will use the highest possible SSL/TLS version from SSL 3.0 up to TLS 1.2. This method allocates memory for and initializes a new native WOLFSSL_METHOD structure to be used when creating the SSL/TLS context with newContext().
        Returns:
        A pointer to the created WOLFSSL_METHOD structure if successful, null on failure.
        See Also:
        WolfSSLContext.newContext(long)

      • getErrorString

        public static final java.lang.String getErrorString​(long errNumber)
        Converts an error code returned by getError() into a more human- readable error string. The maximum length of the returned string is 80 characters by default, as defined by MAX_ERROR_SZ in the native wolfSSL error.h header file.
        Parameters:
        errNumber - error code returned by getError()
        Returns:
        output String containing human-readable error string matching errNumber on success. On failure, this method returns a String with the appropriate failure reason.
        See Also:
        WolfSSLSession.getError(long, int)

      • cleanup

        public static final int cleanup()
        Un-initializes the wolfSSL library from further use. Doesn't have to be called, though it will free any resources used by the library.
        Returns:
        SSL_SUCCESS upon success, BAD_MUTEX_ERROR on mutex error.

      • debuggingON

        public static final int debuggingON()
        Turns on debug logging at runtime. To enable logging at build time, use --enable-debug or define DEBUG_WOLFSSL. Debugging must be enabled at build time in order for the method to have any effect.
        Returns:
        SSL_SUCCESS upon success. NOT_COMPILED_IN if logging isnt' enabled for this wolfSSL build.
        See Also:
        debuggingOFF(), setLoggingCb(WolfSSLLoggingCallback)

      • setLoggingCb

        public static final int setLoggingCb​(WolfSSLLoggingCallback cb)
        Registers the callback to be used for Logging debug and trace messages.
        Parameters:
        cb - Callback to be used for logging debug messages
        Returns:
        SSL_ERROR_NONE upon success, BAD_FUNC_ARG if input is null, NOT_COMPILED_IN if wolfSSL was not compiled with debugging support enabled.
        See Also:
        debuggingON(), debuggingOFF()

      • getPkcs8TraditionalOffset

        public static int getPkcs8TraditionalOffset​(byte[] in,
                                            long idx,
                                            long sz)
        Strips off PKCS#8 header from byte array. This function starts reading the input array for a PKCS#8 header, beginning at input offset, idx. If found, it returns the offset of the inner traditional data.
        Parameters:
        in - input buffer containing PKCS#8 formatted key
        idx - index/offset into input array to begin reading
        sz - size of input array
        Returns:
        offset where the traditional key begins, or negative on failure.

      • x509_getDer

        public static byte[] x509_getDer​(long x509)
        Returns the DER-encoded form of the certificate pointed to by x509.
        Parameters:
        x509 - pointer (long) to a native WOLFSSL_X509 object. This objects represents an X.509 certificate.
        Returns:
        DER-encoded certificate or null if the input buffer is null.

      • getHmacMaxSize

        public static int getHmacMaxSize()
        Returns the wolfSSL max HMAC digest size. Specifically, returns the value of the native wolfSSL MAX_DIGEST_SIZE define.
        Returns:
        value of native MAX_DIGEST_SIZE define

      • getCiphers

        public static java.lang.String[] getCiphers()

      • getCiphersIana

        public static java.lang.String[] getCiphersIana()
        Gets a list of all cipher suites supported and uses the format TLS_*
        Returns:
        list of all cipher suites supported

      • isEnabledCRL

        public static int isEnabledCRL()
        Checks if CRL support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledCRLMonitor

        public static int isEnabledCRLMonitor()
        Checks if CRL Monitor support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledOCSP

        public static int isEnabledOCSP()
        Checks if OCSP support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledPSK

        public static int isEnabledPSK()
        Checks if PSK support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledDTLS

        public static int isEnabledDTLS()
        Checks if DTLS support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledAtomicUser

        public static int isEnabledAtomicUser()
        Checks if Atomic User support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • isEnabledPKCallbacks

        public static int isEnabledPKCallbacks()
        Checks if Public Key Callback support is enabled in wolfSSL native library.
        Returns:
        1 if enabled, 0 if not compiled in

      • getProtocols

        public static java.lang.String[] getProtocols()
        Checks which protocols where built into wolfSSL
        Returns:
        an array of Strings for supported protocols

      • getProtocolsMask

        public static java.lang.String[] getProtocolsMask​(long mask)
        Checks which protocols where built into wolfSSL with Mask
        Parameters:
        mask - flags prohibiting TLS version (i.e. SSL_OP_NO_xxx)
        Returns:
        an array of Strings for supported protocols