Skip to content

Add JSSE-level PSK support via WolfSSLParameters#340

Merged
rlm2002 merged 1 commit intowolfSSL:masterfrom
cconlon:jssePsk
Mar 18, 2026
Merged

Add JSSE-level PSK support via WolfSSLParameters#340
rlm2002 merged 1 commit intowolfSSL:masterfrom
cconlon:jssePsk

Conversation

@cconlon
Copy link
Copy Markdown
Member

@cconlon cconlon commented Mar 6, 2026

This PR adds Pre-Shared Key (PSK) support to the JSSE layer inside wolfJSSE.

Changes include:

  • Make WolfSSLParameters extend SSLParameters so PSK settings can be configured through the standard setSSLParameters() API on SSLSocket and SSLEngine
  • Add PSK client/server callback, identity hint, and keepArrays fields to WolfSSLParameters with public getters/setters
  • Wire PSK fields through WolfSSLParametersHelper.importParams() and WolfSSLEngineHelper.setLocalPskSettings() to apply them to the native WOLFSSL session
  • Add 4 PSK example apps (SSLSocket and SSLEngine, client and server)

Usage

Configure PSK on any SSLSocket or SSLEngine using WolfSSLParameters:

SSLContext ctx = SSLContext.getInstance("TLSv1.2", "wolfJSSE");
ctx.init(null, null, null);

SSLSocket sock = (SSLSocket)ctx.getSocketFactory().createSocket(host, port);

WolfSSLParameters params = new WolfSSLParameters();
params.setPskClientCb(myPskClientCallback);
params.setCipherSuites(new String[]{"TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256"});
sock.setSSLParameters(params);

sock.startHandshake();

Server side uses setPskServerCb() and optionally setPskIdentityHint(). setKeepArrays(true) can be set to keep handshake arrays for post-handshake access. Works with both SSLSocket and SSLEngine.

Examples

See the new example apps added in this PR for usage on SSLSocket and SSLEngine:

examples/provider/PskClientSocket.java
examples/provider/PskServerSocket.java
examples/provider/PskClientEngine.java
examples/provider/PskServerEngine.java

@cconlon cconlon self-assigned this Mar 6, 2026
Copilot AI review requested due to automatic review settings March 6, 2026 00:13
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds JSSE-level PSK configuration support by making WolfSSLParameters usable with standard setSSLParameters() on SSLSocket/SSLEngine, wiring PSK settings into engine setup, and providing tests/examples to validate usage.

Changes:

  • Make WolfSSLParameters extend SSLParameters and add PSK-related fields with getters/setters.
  • Import/propagate PSK settings through WolfSSLParametersHelper and apply them in WolfSSLEngineHelper.
  • Add JUnit coverage and new SSLSocket/SSLEngine PSK example apps + documentation.

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java Adds JUnit tests validating PSK configuration via WolfSSLParameters and handshake success.
src/test/com/wolfssl/provider/jsse/test/WolfSSLJSSETestSuite.java Registers the new PSK test in the overall test suite.
src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java Updates SNI server-name handling to the renamed wolfSSL-specific SNI storage API.
src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java Imports PSK fields when SSLParameters is actually a WolfSSLParameters.
src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java Makes parameters interoperable with JSSE APIs and introduces PSK configuration fields.
src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java Applies PSK callbacks/identity hint/keepArrays from WolfSSLParameters to the native session.
examples/provider/README.md Documents the new PSK example applications.
examples/provider/PskServerSocket.sh Adds run script for SSLSocket PSK server example.
examples/provider/PskServerSocket.java Adds SSLSocket PSK server example using WolfSSLParameters.
examples/provider/PskServerEngine.sh Adds run script for SSLEngine PSK server example.
examples/provider/PskServerEngine.java Adds SSLEngine PSK server example using WolfSSLParameters.
examples/provider/PskClientSocket.sh Adds run script for SSLSocket PSK client example.
examples/provider/PskClientSocket.java Adds SSLSocket PSK client example using WolfSSLParameters.
examples/provider/PskClientEngine.sh Adds run script for SSLEngine PSK client example.
examples/provider/PskClientEngine.java Adds SSLEngine PSK client example using WolfSSLParameters.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java Outdated
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java Outdated
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java Outdated
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java Outdated
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java Outdated
@cconlon cconlon force-pushed the jssePsk branch 2 times, most recently from f0ab1a5 to 04c58f4 Compare March 6, 2026 01:21
Copilot AI review requested due to automatic review settings March 6, 2026 01:21
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 15 out of 15 changed files in this pull request and generated 8 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java Outdated
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java Outdated
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java Outdated
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java Outdated
Comment thread examples/provider/PskClientSocket.java Outdated
Copilot AI review requested due to automatic review settings March 6, 2026 21:29
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 17 out of 17 changed files in this pull request and generated 6 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java Outdated
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java
Comment thread examples/provider/PskClientEngine.java
Comment thread examples/provider/PskServerEngine.java
Comment thread examples/provider/PskClientSocket.java
Comment thread examples/provider/PskClientSocket.java
@cconlon cconlon assigned rlm2002 and cconlon and unassigned cconlon and rlm2002 Mar 9, 2026
Copilot AI review requested due to automatic review settings March 12, 2026 23:22
Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 15 out of 15 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
@cconlon
Copy link
Copy Markdown
Member Author

cconlon commented Mar 16, 2026

Will rebase once #343 gets in for failing tests

Copilot AI review requested due to automatic review settings March 17, 2026 19:45
Copilot AI reviewed Mar 17, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 16 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java Outdated
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java
Comment thread src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java
Comment thread src/test/com/wolfssl/provider/jsse/test/WolfSSLParametersPskTest.java
@cconlon cconlon assigned rlm2002 and unassigned cconlon Mar 17, 2026
@rlm2002 rlm2002 merged commit abf7f34 into wolfSSL:master Mar 18, 2026
100 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@rlm2002 rlm2002 rlm2002 approved these changes

Assignees

@rlm2002 rlm2002

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cconlon @rlm2002