Class SSLCredential


  • public final class SSLCredential
    extends java.lang.Object
    SSL_CREDENTIAL management for BoringSSL. This class provides methods to create and manage SSL_CREDENTIAL objects, which are used to configure credentials for SSL/TLS connections in BoringSSL.

    This API is only supported when using BoringSSL. For usage instructions and detailed documentation, see the BoringSSL SSL_CREDENTIAL documentation.

    SSL_CREDENTIAL objects allow fine-grained control over certificate and private key configuration, including support for multiple credentials, delegated credentials, and SPAKE2+ authentication.

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private SSLCredential()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static void free(long cred)
      Decrement the reference count of an SSL_CREDENTIAL and free it once the count reaches zero.
      static long newDelegated()
      Create a new delegated SSL_CREDENTIAL.
      static long newX509()
      Create a new X509 SSL_CREDENTIAL.
      static void setCertChain(long cred, long chain)
      Set the certificate chain for an SSL_CREDENTIAL.
      static void setCertificateProperties(long cred, byte[] properties)
      Set the certificate properties for an SSL_CREDENTIAL.
      static void setDelegatedCredential(long cred, byte[] delegatedCred)
      Set the delegated credential for an SSL_CREDENTIAL.
      static void setMustMatchIssuer(long cred, boolean mustMatch)
      Set whether the issuer must match for an SSL_CREDENTIAL.
      static void setOcspResponse(long cred, byte[] response)
      Set the OCSP response for an SSL_CREDENTIAL.
      static void setPrivateKey(long cred, long key)
      Set the private key for an SSL_CREDENTIAL.
      static void setSignedCertTimestampList(long cred, byte[] sctList)
      Set the signed certificate timestamp list for an SSL_CREDENTIAL.
      static void setSigningAlgorithmPrefs(long cred, int[] prefs)
      Set the signing algorithm preferences for an SSL_CREDENTIAL.
      static void setTrustAnchorId(long cred, byte[] id)
      Set the trust anchor ID for an SSL_CREDENTIAL.
      static void upRef(long cred)
      Increment the reference count of an SSL_CREDENTIAL.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SSLCredential

        private SSLCredential()
    • Method Detail

      • newX509

        public static long newX509()
                            throws java.lang.Exception
        Create a new X509 SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_new_x509 for detailed documentation.

        Returns:
        the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        Throws:
        java.lang.Exception - if an error occurred
      • upRef

        public static void upRef(long cred)
                          throws java.lang.Exception
        Increment the reference count of an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_up_ref for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        Throws:
        java.lang.Exception - if an error occurred
      • free

        public static void free(long cred)
                         throws java.lang.Exception
        Decrement the reference count of an SSL_CREDENTIAL and free it once the count reaches zero.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_free for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        Throws:
        java.lang.Exception - if an error occurred
      • setPrivateKey

        public static void setPrivateKey(long cred,
                                         long key)
                                  throws java.lang.Exception
        Set the private key for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_private_key for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        key - the private key (EVP_PKEY *)
        Throws:
        java.lang.Exception - if an error occurred
      • setCertChain

        public static void setCertChain(long cred,
                                        long chain)
                                 throws java.lang.Exception
        Set the certificate chain for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_cert_chain for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        chain - the certificate chain (STACK_OF(CRYPTO_BUFFER) *)
        Throws:
        java.lang.Exception - if an error occurred
      • setOcspResponse

        public static void setOcspResponse(long cred,
                                           byte[] response)
                                    throws java.lang.Exception
        Set the OCSP response for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_ocsp_response for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        response - the OCSP response bytes
        Throws:
        java.lang.Exception - if an error occurred
      • setSigningAlgorithmPrefs

        public static void setSigningAlgorithmPrefs(long cred,
                                                    int[] prefs)
                                             throws java.lang.Exception
        Set the signing algorithm preferences for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_signing_algorithm_prefs for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        prefs - the signing algorithm preferences
        Throws:
        java.lang.Exception - if an error occurred
      • setCertificateProperties

        public static void setCertificateProperties(long cred,
                                                    byte[] properties)
                                             throws java.lang.Exception
        Set the certificate properties for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_certificate_properties for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        properties - the certificate properties
        Throws:
        java.lang.Exception - if an error occurred
      • setSignedCertTimestampList

        public static void setSignedCertTimestampList(long cred,
                                                      byte[] sctList)
                                               throws java.lang.Exception
        Set the signed certificate timestamp list for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_signed_cert_timestamp_list for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        sctList - the signed certificate timestamp list
        Throws:
        java.lang.Exception - if an error occurred
      • setMustMatchIssuer

        public static void setMustMatchIssuer(long cred,
                                              boolean mustMatch)
                                       throws java.lang.Exception
        Set whether the issuer must match for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set_must_match_issuer for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        mustMatch - true if issuer must match, false otherwise
        Throws:
        java.lang.Exception - if an error occurred
      • setTrustAnchorId

        public static void setTrustAnchorId(long cred,
                                            byte[] id)
                                     throws java.lang.Exception
        Set the trust anchor ID for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature for trust anchor configuration. See SSL_CREDENTIAL_set1_trust_anchor_id for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        id - the trust anchor ID
        Throws:
        java.lang.Exception - if an error occurred
      • newDelegated

        public static long newDelegated()
                                 throws java.lang.Exception
        Create a new delegated SSL_CREDENTIAL.

        This is a BoringSSL-specific feature for delegated credential support. See SSL_CREDENTIAL_new_delegated for detailed documentation.

        Returns:
        the delegated SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        Throws:
        java.lang.Exception - if an error occurred
      • setDelegatedCredential

        public static void setDelegatedCredential(long cred,
                                                  byte[] delegatedCred)
                                           throws java.lang.Exception
        Set the delegated credential for an SSL_CREDENTIAL.

        This is a BoringSSL-specific feature for delegated credential configuration. See SSL_CREDENTIAL_set1_delegated_credential for detailed documentation.

        Parameters:
        cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
        delegatedCred - the delegated credential bytes
        Throws:
        java.lang.Exception - if an error occurred
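
Handle lifecycle for the methods above, as an added example that is not part of the original documentation or the project's code: it builds an X509 credential from native handles the caller already holds and releases the credential if any setter fails. The package name in the import, the `CredentialBuilder` class, and the assumption that `prefs` carries TLS SignatureScheme code points are not stated on this page.

```java
import io.netty.internal.tcnative.SSLCredential; // assumed package; not stated on this page

/** Hypothetical helper, not part of the library. */
public final class CredentialBuilder {

    // TLS SignatureScheme code points (RFC 8446, section 4.2.3). Assumption: the
    // binding passes these values through to BoringSSL unchanged.
    private static final int ECDSA_SECP256R1_SHA256 = 0x0403;
    private static final int RSA_PSS_RSAE_SHA256 = 0x0804;

    private CredentialBuilder() { }

    /**
     * @param key          EVP_PKEY * obtained elsewhere; still owned by the caller afterwards
     * @param chain        STACK_OF(CRYPTO_BUFFER) * obtained elsewhere; still owned by the caller
     * @param ocspResponse stapled OCSP response bytes, or null to skip stapling
     * @return an SSL_CREDENTIAL * holding one reference that the caller must release with free()
     */
    public static long buildX509(long key, long chain, byte[] ocspResponse) throws Exception {
        // A zero handle is a NULL pointer on the native side; reject it before crossing JNI.
        if (key == 0 || chain == 0) {
            throw new IllegalArgumentException("key and chain must be non-zero native handles");
        }
        long cred = SSLCredential.newX509();
        try {
            // The underlying set1_* functions take their own reference or copy, so
            // freeing key/chain later does not invalidate the credential.
            SSLCredential.setPrivateKey(cred, key);
            SSLCredential.setCertChain(cred, chain);
            SSLCredential.setSigningAlgorithmPrefs(cred,
                    new int[] { ECDSA_SECP256R1_SHA256, RSA_PSS_RSAE_SHA256 });
            if (ocspResponse != null && ocspResponse.length > 0) {
                SSLCredential.setOcspResponse(cred, ocspResponse);
            }
            return cred;
        } catch (Exception e) {
            // Drop our only reference so a half-configured credential does not leak
            // native memory. The handle must not be used after this point.
            try {
                SSLCredential.free(cred);
            } catch (Exception freeFailure) {
                e.addSuppressed(freeFailure);
            }
            throw e;
        }
    }
}
```

Every `upRef` on the returned handle needs a matching `free`; calling `free` more times than references are held is a double free on the native side.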