Package com.wolfssl

Class WolfSSLContext

  • public class WolfSSLContext
extends java.lang.Object
    Wraps a native WolfSSL context object and contains methods directly related to the SSL/TLS context.
    Version:
    1.0, August 2013
    Author:
    wolfSSL

    • Constructor Detail

      • WolfSSLContext

        public WolfSSLContext​(long method)
               throws WolfSSLException
        Creates a new SSL/TLS context for the desired SSL/TLS protocol level.
        Parameters:
        method - a pointer (long) to the desired WOLFSSL_METHOD for use in the SSL context. This WOLFSSL_METHOD pointer is created with one of the protocol-specific methods (ex: TLSv1_2_ClientMethod()) matching to the desired SSL/TLS/DTLS protocol level.
        Throws:
        WolfSSLException - when creation of SSL context fails

    • Method Detail

      • useCertificateFile

        public int useCertificateFile​(java.lang.String file,
                              int format)
                       throws java.lang.IllegalStateException,
                              java.lang.NullPointerException
        Loads a certificate file into the SSL context. This file is provided by the file parameter. The format paramenter specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the wolfSSL examples for proper usage.
        Parameters:
        file - a file containing the certificate to be loaded into the wolfSSL SSL context.
        format - format of the certificates pointed to by file . Possible options are SSL_FILETYPE_ASN1, for DER-encoded certificates, or SSL_FILETYPE_PEM for PEM-encoded certificates.
        Returns:
        SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, or the Base16 decoding fails on the file.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input file is null
        See Also:
        WolfSSLSession.useCertificateFile(String, int)

      • usePrivateKeyFile

        public int usePrivateKeyFile​(java.lang.String file,
                             int format)
                      throws java.lang.IllegalStateException,
                             java.lang.NullPointerException
        Loads a private key file into the SSL context. This file is provided by the file parameter. The format paramenter specifies the format type of the file - either SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM. Please see the wolfSSL examples for proper usage.
        Parameters:
        file - a file containing the private key to be loaded into the wolfSSL SSL context.
        format - format of the private key pointed to by file . Possible options are SSL_FILETYPE_ASN1, for a DER-encoded key, or SSL_FILETYPE_PEM for a PEM-encoded key.
        Returns:
        SSL_SUCCESS upon success, otherwise SSL_FAILURE. Possible failure causes may be that the file is in the wrong format, the format argument was given incorrectly, the file doesn't exist, can't be read, or is corrupted, an out of memory condition occurs, the Base16 decoding fails on the file, or the key file is encrypted but no password is provided.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input file is null
        See Also:
        WolfSSLSession.usePrivateKeyFile(String, int)

      • loadVerifyLocations

        public int loadVerifyLocations​(java.lang.String file,
                               java.lang.String path)
                        throws java.lang.IllegalStateException,
                               java.lang.NullPointerException
        Loads PEM-formatted CA certificates into the SSL context. These certificates will be treated as trusted root certificates and used to verify certs received from peers during the SSL handshake.

        The root certificate provided by the file paramter may be a single certificate or a file containing multiple certificates. If multiple CA certs are included in the same file, wolfSSL will load them in the same order which they are presented in the file. The path parameter is a directory path which contains certificates of trusted root CAs. If the value of file is not NULL, path may be specified as null if not needed. If path is specified, and NO_WOLFSSL_DIR is defined when building the library, wolfSSL will load all CA certificates located in the given directory.

        Parameters:
        file - path to the file containing PEM-formatted CA certificates
        path - path to directory containing PEM-formatted CA certificates to load
        Returns:
        SSL_SUCCESS on success. Otherwise
        SSL_FAILURE if ctx is null, or if both file and path are null.
        SSL_BAD_FILETYPE if the file is in the wrong format.
        SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted.
        MEMORY_E if an out of memory condition occurs.
        ASN_INPUT_E if Base16 decoding fails on the file.
        BUFFER_E if a chain buffer is bigger than the recieving buffer.
        BAD_PATH_ERROR if the native opendir() function call fails when trying to open path.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input file and path are null
        See Also:
        useCertificateFile(String, int), usePrivateKeyFile(String, int), useCertificateChainFile(String), WolfSSLSession.useCertificateFile(String, int), WolfSSLSession.usePrivateKeyFile(String, int), WolfSSLSession.useCertificateChainFile(String)

      • useCertificateChainFile

        public int useCertificateChainFile​(java.lang.String file)
                            throws java.lang.IllegalStateException,
                                   java.lang.NullPointerException
        Loads a chain of certificates into the SSL context. The file containing the certificate chain is provided by the file parameter and must contain PEM-formatted certificates. This function will process up to MAX_CHAIN_DEPTH (default = 9, defined in internal.h) certificates, plus the subject cert.
        Parameters:
        file - path to the file containing the chain of certificates to be loaded into the wolfSSL SSL context. Certificates must be in PEM format.
        Returns:
        SSL_SUCCESS on success, otherwise SSL_FAILURE. If the function call fails, possible causes might include: the file is in the wrong format, the file doesn't exist, can't be read, or is corrupted, or an out of memory condition occurs.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input file is null
        See Also:
        useCertificateFile(String, int), WolfSSLSession.useCertificateFile(String, int)

      • setVerify

        public void setVerify​(int mode,
                      WolfSSLVerifyCallback callback)
               throws java.lang.IllegalStateException
        Sets the verification method for remote peers and also allows a verify callback to be registered with the SSL session. If no verify callback is desired, null can be used for callback.

        The verification mode of peer certificates is a logically OR'd list of flags. The possible flag values include:

        SSL_VERIFY_NONE
        Client mode: the client will not verify the certificate received from teh server and the handshake will continue as normal.
        Server mode: the server will not send a certificate request to the client. As such, client verification will not be enabled.

        SSL_VERIFY_PEER
        Client mode: the client will verify the certificate received from the server during the handshake. This is turned on by default in wolfSSL, therefore, using this option has no effect.
        Server mode: the server will send a certificate request to the client and verify the client certificate received.

        SSL_VERIFY_FAIL_IF_NO_PEER_CERT
        Client mode: no effect when used on the client side.
        Server mode: the verification will fail on the server side if the client fails to send a certificate when requested to do so (when using SSL_VERIFY_PEER on the SSL server).

        Parameters:
        mode - verification type
        callback - custom verification callback to register with the SSL session. If no callback is desired, null may be used.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed

      • setOptions

        public long setOptions​(long op)
                throws java.lang.IllegalStateException
        Sets the options to use for the WOLFSSL structure. Example options are WolfSSL.SSL_OP_NO_SSLv3
        Parameters:
        op - bit mask of options to set
        Returns:
        returns the revised options bit mask on success
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed

      • getOptions

        public long getOptions()
                throws java.lang.IllegalStateException
        Gets the options to use for the WOLFSSL structure. Example options are WolfSSL.SSL_OP_NO_SSLv3
        Returns:
        returns options bit mask on success
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed

      • free

        public void free()
          throws java.lang.IllegalStateException
        Frees an allocated SSL context. This method decrements the CTX reference count and only frees the context when the reference count has reached zero.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        WolfSSLSession.freeSSL()

      • setCacheSize

        public long setCacheSize​(long sz)
                  throws java.lang.IllegalStateException
        Cache size is set at compile time.This function returns the current cache size which has been set at compile time. An example of macros to set cache size are HUGE_SESSION_CACHE and SMALL_SESSION_CACHE.
        Parameters:
        sz - unused size to set cache as
        Returns:
        size of compile time cache.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed

      • getCacheSize

        public long getCacheSize()
                  throws java.lang.IllegalStateException
        Gets the cache size is set at compile time. This function returns the current cache size which has been set at compile time.
        Returns:
        size of compile time cache.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed

      • setCipherList

        public int setCipherList​(java.lang.String list)
                  throws java.lang.IllegalStateException,
                         java.lang.NullPointerException
        Sets the cipher suite list for a given SSL context. This cipher suite list becomes the default list for any new SSL sessions created using this context. The ciphers in the list should be sorted in order of preference from highest to lowest. Each call to ctxSetCipherList() resets the cipher suite list for the specific SSL context to the provided list each time time the method is called.

        The cipher suite list, list, is a null-terminated text String, and colon-delimited list. For example, one possible list may be:

        "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"

        Valid cipher values are the full name values from the cipher_names[] array in the native wolfSSL src/internal.c:

        Parameters:
        list - null-terminated text string and colon-delimited list of cipher suites to use with the specified SSL context.
        Returns:
        SSL_SUCCESS upon success. SSL_FAILURE upon failure.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input list is null
        See Also:
        WolfSSLSession.setCipherList(String)

      • useCertificateChainBufferFormat

        public int useCertificateChainBufferFormat​(byte[] in,
                                           long sz,
                                           int format)
                                    throws java.lang.IllegalStateException,
                                           WolfSSLJNIException
        Loads a certificate chain buffer into the SSL context in specific format. This method behaves like the non-buffered version, only differing in its ability to be called with a buffer as input instead of a file. This function is similar to useCertificateChainBuffer(), but allows the input format to be specified. The format must be either DER or PEM, and start with the subject's certificate, ending with the root certificate.
        Parameters:
        in - the input buffer containing the PEM-formatted certificate chain to be loaded.
        sz - the size of the input buffer, in
        format - format of the certificate buffer being loaded - either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
        Returns:
        SSL_SUCCESS upon success, SSL_FAILURE upon general failure, SSL_BAD_FILETYPE if the file is in the wrong format, SSL_BAD_FILE if the file doesn't exist, can't be read, or is corrupted. MEMORY_E if an out of memory condition occurs, ASN_INPUT_E if Base16 decoding fails on the file, BUFFER_E if a chain buffer is bigger than the receiving buffer, and BAD_FUNC_ARG if invalid input arguments are provided.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        loadVerifyBuffer(byte[], long, int), useCertificateBuffer(byte[], long, int), usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateBuffer(byte[], long, int), WolfSSLSession.usePrivateKeyBuffer(byte[], long, int), WolfSSLSession.useCertificateChainBuffer(byte[], long)

      • setGroupMessages

        public int setGroupMessages()
                     throws java.lang.IllegalStateException
        Turns on grouping of the handshake messages where possible using the SSL context.
        Returns:
        SSL_SUCCESS upon success. BAD_FUNC_ARG if the input context is null.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        WolfSSLSession.setGroupMessages()

      • setIORecv

        public void setIORecv​(WolfSSLIORecvCallback callback)
               throws java.lang.IllegalStateException,
                      WolfSSLJNIException
        Registers a receive callback for wolfSSL to get input data. By default, wolfSSL uses EmbedReceive() in src/io.c as the callback. This uses the system's TCP recv() function. The user can register a function to get input from memory, some other network module, or from anywhere. Please see the EmbedReceive() function in src/io.c as a guide for how the function should work and for error codes.

        In particular, IO_ERR_WANT_READ should be returned for non-blocking receive when no data is ready.

        Parameters:
        callback - method to be registered as the receive callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIORecvCallback#receiveCallback(WolfSSLSession, byte[], int, long).
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        setIOSend(WolfSSLIOSendCallback)

      • setIOSend

        public void setIOSend​(WolfSSLIOSendCallback callback)
               throws java.lang.IllegalStateException,
                      WolfSSLJNIException
        Registers a send callback for wolfSSL to write output data. By default, wolfSSL uses EmbedSend() in src/io.c as the callback, which uses the system's TCP send() function. The user can register a function to send output to memory, some other network module, or to anywhere. Please see the EmbedSend() function in src/io.c as a guide for how the function should work and for error codes.

        In particular, IO_ERR_WANT_WRITE should be returned for non-blocking send when the action cannot be taken yet.

        Parameters:
        callback - method to be registered as the send callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLIOSendCallback#sendCallback(WolfSSLSession, byte[], int, Object).
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        setIORecv(WolfSSLIORecvCallback)

      • setGenCookie

        public void setGenCookie​(WolfSSLGenCookieCallback callback)
                  throws java.lang.IllegalStateException,
                         WolfSSLJNIException
        Registers a DTLS cookie generation callback. By default, wolfSSL uses EmbedGenerateCookie() in src/io.c as the callback, which does a SHA hash of the peer's address and port. This method can be used to register a custom cookie generation callback, which is needed when the application is using custom I/O callbacks.

        The cookie generation callback should return the size of the resulting cookie (normally, the size of the SHA hash generated), or WolfSSL.GEN_COOKIE_E upon error.

        Parameters:
        callback - method to be registered as the cookie generation callback for the wolfSSL context. The signature of this function must follow that as shown in WolfSSLGenCookieCallback#genCookieCallback( WolfSSLSession, byte[], int, Object).
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error

      • enableCRL

        public int enableCRL​(int options)
              throws java.lang.IllegalStateException
        Turns on Certificate Revocation List (CRL) checking when verifying certificates for the specified Context. By default, CRL checking is off. options include WOLFSSL_CRL_CHECKALL which performs CRL checking on each certificate in the chain versus the leaf certificate only (which is default).
        Parameters:
        options - options to use when enabling CRL
        Returns:
        SSL_SUCCESS upon success. NOT_COMPILED_IN if wolfSSL was not compiled with CRL enabled. MEMORY_E if an out of memory condition occurs. BAD_FUNC_ARG if a pointer is not provided, and SSL_FAILURE if the CRL context cannot be initialized properly.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)

      • loadCRL

        public int loadCRL​(java.lang.String path,
                   int type,
                   int monitor)
            throws java.lang.IllegalStateException
        Loads CRL files into wolfSSL from the specified path, using the specified Context. This method loads a list of CRL files into wolfSSL. The files can be in either PEM or DER format, as specified by the type parameter.
        Parameters:
        path - path to directory containing CRL files
        type - type of files in path, either SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1 .
        monitor - OR'd list of flags to indicate if wolfSSL should monitor the provided CRL directory for changes. Flag values include WOLFSSL_CRL_MONITOR to indicate that the directory should be monitored and WOLFSSL_CRL_START_MON to start the monitor.
        Returns:
        SSL_SUCCESS upon success
        SSL_FATAL_ERROR if enabling the internal CertManager fails
        BAD_FUNC_ARG if the SSL pointer is null
        BAD_PATH_ERROR if there is an error opening the provided directory
        MEMORY_E if a memory error occurred
        MONITOR_RUNNING_E if the CRL monitor is already running
        THREAD_CREATE_E if there was an error when creating the CRL monitoring thread.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        WolfSSLSession.enableCRL(int), WolfSSLSession.disableCRL(), WolfSSLSession.loadCRL(String, int, int), WolfSSLSession.setCRLCb(WolfSSLMissingCRLCallback), enableCRL(int), disableCRL(), setCRLCb(WolfSSLMissingCRLCallback)

      • enableOCSP

        public int enableOCSP​(long options)
               throws java.lang.IllegalStateException
        Enable OCSP functionality for this context, set options. The value of options is formed by OR'ing one or more of the following options:
        WOLFSSL_OCSP_NO_NONCE - disable sending OCSP nonce
        WOLFSSL_OCSP_URL_OVERRIDE - use the override URL instead of the URL in certificates
        This function only sets the OCSP options when wolfSSL has been compiled with OCSP support (--enable-ocsp, #define HAVE_OCSP).
        Parameters:
        options - value used to set the OCSP options
        Returns:
        SSL_SUCCESS upon success, SSL_FAILURE upon failure, BAD_FUNC_ARG if context is null, MEMORY_E upon memory error, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        disableOCSP(long), setOCSPOverrideUrl(String)

      • disableOCSP

        public int disableOCSP()
                throws java.lang.IllegalStateException
        Disable OCSP for this context.
        Returns:
        SSL_SUCCESS upon success, BAD_FUNC_ARG if context is null,
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        See Also:
        enableOCSP(long), setOCSPOverrideUrl(String)

      • setOCSPOverrideUrl

        public int setOCSPOverrideUrl​(java.lang.String url)
                       throws java.lang.IllegalStateException,
                              java.lang.NullPointerException
        Manually sets the URL for OCSP to use. By default, OCSP will use the URL found in the individual certificate unless the WOLFSSL_OCSP_URL_OVERRIDE option is set using the setOCSPOptions() method.
        Parameters:
        url - the OCSP override URL for wolfSSL to use
        Returns:
        SSL_SUCCESS upon success, SSL_FAILURE upon failure, NOT_COMPILED_IN when this function has been called, but OCSP support was not enabled when wolfSSL was compiled.
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        java.lang.NullPointerException - Input URL is null
        See Also:
        enableOCSP(long), disableOCSP(long)

      • setMacEncryptCb

        public void setMacEncryptCb​(WolfSSLMacEncryptCallback callback)
                     throws java.lang.IllegalStateException,
                            WolfSSLJNIException
        Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should return 0 for success, or less than 0 for an error. The ssl and ctx pointers are available for the users convenience. macOut is the output buffer where the result of the mac should be stored. macIn is the mac input buffer and macinSz notes the size of the buffer. macContent and macVerify are needed for setTlsHmacInner() and can be passed along as-is. encOut is the output buffer where the result on encryption should be stored. encIn is the input buffer to encrypt while encSz is the size of the input.

        An example Java callback can be found in examples/MyMacEncryptCallback.java.

        Parameters:
        callback - object to be registered as the MAC/encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLMacEncryptCallback.java, with macEncryptCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        setDecryptVerifyCb(WolfSSLDecryptVerifyCallback)

      • setDecryptVerifyCb

        public void setDecryptVerifyCb​(WolfSSLDecryptVerifyCallback callback)
                        throws java.lang.IllegalStateException,
                               WolfSSLJNIException
        Allows caller to set the Atomic Record Processing Decrypt/Verify Callback. The callback should return 0 for success, or a negative value for an error. The ssl and ctx pointers are available for the users convenience. decOut is the output buffer where the result of the decryption should be stored. decIn is the encrypted input buffer and decInSz notes the size of the buffer. context and verify are needed for setTlsHmacInner() and can be passed along as-is. padSz is an output variable, where the first element in the array should be set with the total value of the padding. That is, the mac size plus any padding and pad bytes. An example callback can be found in examples/MyDecryptVerifyCallback.java.
        Parameters:
        callback - object to be registered as the decrypt/verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLDecryptVerifyCallback.java, inside decryptVerifyCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        setMacEncryptCb(WolfSSLMacEncryptCallback)

      • setEccSignCb

        public void setEccSignCb​(WolfSSLEccSignCallback callback)
                  throws java.lang.IllegalStateException,
                         WolfSSLJNIException
        Allows caller to set the Public Key Callback for ECC Signing. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the users convenience. in is the inptu buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the signature should be stored there before returning. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyEccSignCallback.java.
        Parameters:
        callback - object to be registered as the ECC signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccSignCallback.java, inside eccSignCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setEccSignCtx(Object)

      • setEccVerifyCb

        public void setEccVerifyCb​(WolfSSLEccVerifyCallback callback)
                    throws java.lang.IllegalStateException,
                           WolfSSLJNIException
        Allows caller to set the Public Key Callback for ECC Verification. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the users convenience. sig is the signature to verify and sigSz denotes the length of the signature. hash is an input buffer containing the digest of the message and hashSz denotes the length in bytes of the hash. result is an output variable where the result of the verification should be stored, 1 for success and 0 for failure. keyDer is the ECC Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyEccVerifyCallback.java.
        Parameters:
        callback - object to be registered as the ECC verification callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccVerifyCallback.java, inside eccVerifyCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setEccVerifyCtx(Object)

      • setEccSharedSecretCb

        public void setEccSharedSecretCb​(WolfSSLEccSharedSecretCallback callback)
                          throws java.lang.IllegalStateException,
                                 WolfSSLJNIException
        Allows caller to set the Public Key Callback for ECC shared secret. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the users convenience. otherKey is ByteBuffer with behavior that depends on if the callback is called from the client or server side. If side indicates client side, otherKey holds the server public key for use with shared secret generation. If side indicates server side, otherKey holds the server's private key. pubKeyDer behavior is also dependent on side. On the client side, it is used as output for the client to write a DER-encoded public key. On the server side, it is used as an input buffer containing a DER-encoded public key of the peer (client). out is where the generated shared secret should be placed. side represents the side from which this callback was called. Can be either WolfSSL.WOLFSSL_CLIENT_END or WolfSSL.WOLFSSL_SERVER_END. An example callback can be found in examples/MyEccSharedSecretCallback.java
        Parameters:
        callback - object to be registered as the ECC shared secret callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLEccSharedSecretCallback.java, inside eccSharedSecretCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setEccSignCtx(Object), WolfSSLSession.setEccVerifyCtx(Object)

      • setRsaSignCb

        public void setRsaSignCb​(WolfSSLRsaSignCallback callback)
                  throws java.lang.IllegalStateException,
                         WolfSSLJNIException
        Allows caller to set the Public Key Callback for RSA Signing. The callback should return 0 for success or a negative value for an error. The ssl and ctx pointers are available for the users convenience. in is the input buffer to sign while inSz denotes the length of the input. out is the output buffer where the result of the signature should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation. The actual size of the signature should be stored there before returning. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaSignCallback.java.
        Parameters:
        callback - object to be registered as the RSA signing callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaSignCallback.java, inside rsaSignCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setRsaSignCtx(Object)

      • setRsaVerifyCb

        public void setRsaVerifyCb​(WolfSSLRsaVerifyCallback callback)
                    throws java.lang.IllegalStateException,
                           WolfSSLJNIException
        Allows caller to set the Public Key Callback for RSA Verification. The callback should return the number of plaintext bytes for success or a negative value for an error. The ssl and ctx pointers are available for the users convenience. sig is the signature to verify and sigSz denotes the length of the signature. out should be set to the beginning of the verification buffer after the decryption process and any padding. outSz denotes the size size of the output buffer. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example can be found in examples/MyRsaVerifyCallback.java.
        Parameters:
        callback - object to be registered as the RSA verify callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaVerifyCallback.java, inside rsaVerifyCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setRsaVerifyCtx(Object)

      • setRsaEncCb

        public void setRsaEncCb​(WolfSSLRsaEncCallback callback)
                 throws java.lang.IllegalStateException,
                        WolfSSLJNIException
        Allows caller to set the Public Key Callback for RSA Public Encrypt. The callback should return 0 for success or negative value for an error. The ssl and ctx objects are available for the users convenience. in is the input buffer to encrypt while inSz denotes the length of the input. out is the output buffer where the result of the encryption should be stored. outSz is an input/output variable that specifies the size of the output buffer upon invocation and the actual size of the encryption should be stored there before returning. keyDer is the RSA Public key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaEncCallback.java.
        Parameters:
        callback - object to be registered as the RSA public encrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaEncCallback.java, inside rsaEncCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI exception
        See Also:
        WolfSSLSession.setRsaEncCtx(Object)

      • setRsaDecCb

        public void setRsaDecCb​(WolfSSLRsaDecCallback callback)
                 throws java.lang.IllegalStateException,
                        WolfSSLJNIException
        Allows caller to set the Public Key for RSA Private Decrypt. The callback should return the number of plaintext bytes for success or a negative value for an error. The ssl and ctx parameters are available for the users convenience. in is the input buffer to decrypt and inSz denotes the length of the input. out should be the decrypted buffer after the decryption process and any padding, with outSz denoting the size of the output buffer. keyDer is the RSA Private key in ASN1 format and keySz is the length of the key in bytes. An example callback can be found in examples/MyRsaDecCallback.java.
        Parameters:
        callback - object to be registered as the RSA private decrypt callback for the WolfSSL context. The signature of this object and corresponding method must match that as shown in WolfSSLRsaDecCallback.java, inside rsaDecCallback().
        Throws:
        java.lang.IllegalStateException - WolfSSLContext has been freed
        WolfSSLJNIException - Internal JNI error
        See Also:
        WolfSSLSession.setRsaDecCtx(Object)

      • finalize

        protected void finalize()
                 throws java.lang.Throwable
        Overrides:
        finalize in class java.lang.Object
        Throws:
        java.lang.Throwable