authorupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
committerupstream source tree <ports@midipix.org>2015-03-15 20:14:05 -0400
commit554fd8c5195424bdbcabf5de30fdc183aba391bd (patch)
tree976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/javax/net/ssl
downloadcbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2
cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository.
Diffstat (limited to 'libjava/classpath/javax/net/ssl')
-rw-r--r--libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java71
-rw-r--r--libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java183
-rw-r--r--libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java57
-rw-r--r--libjava/classpath/javax/net/ssl/HostnameVerifier.java64
-rw-r--r--libjava/classpath/javax/net/ssl/HttpsURLConnection.java324
-rw-r--r--libjava/classpath/javax/net/ssl/KeyManager.java51
-rw-r--r--libjava/classpath/javax/net/ssl/KeyManagerFactory.java294
-rw-r--r--libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java102
-rw-r--r--libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java48
-rw-r--r--libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java50
-rw-r--r--libjava/classpath/javax/net/ssl/SSLContext.java293
-rw-r--r--libjava/classpath/javax/net/ssl/SSLContextSpi.java131
-rw-r--r--libjava/classpath/javax/net/ssl/SSLEngine.java442
-rw-r--r--libjava/classpath/javax/net/ssl/SSLEngineResult.java194
-rw-r--r--libjava/classpath/javax/net/ssl/SSLException.java91
-rw-r--r--libjava/classpath/javax/net/ssl/SSLHandshakeException.java51
-rw-r--r--libjava/classpath/javax/net/ssl/SSLKeyException.java52
-rw-r--r--libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java51
-rw-r--r--libjava/classpath/javax/net/ssl/SSLPermission.java66
-rw-r--r--libjava/classpath/javax/net/ssl/SSLProtocolException.java53
-rw-r--r--libjava/classpath/javax/net/ssl/SSLServerSocket.java188
-rw-r--r--libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java221
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSession.java235
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java94
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java65
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSessionContext.java103
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSocket.java229
-rw-r--r--libjava/classpath/javax/net/ssl/SSLSocketFactory.java250
-rw-r--r--libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java51
-rw-r--r--libjava/classpath/javax/net/ssl/TrustManager.java47
-rw-r--r--libjava/classpath/javax/net/ssl/TrustManagerFactory.java287
-rw-r--r--libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java88
-rw-r--r--libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java96
-rw-r--r--libjava/classpath/javax/net/ssl/X509KeyManager.java108
-rw-r--r--libjava/classpath/javax/net/ssl/X509TrustManager.java76
-rw-r--r--libjava/classpath/javax/net/ssl/package.html46
36 files changed, 4852 insertions, 0 deletions
diff --git a/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java b/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java
new file mode 100644
index 000000000..c23d65490
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java
@@ -0,0 +1,71 @@
+/* CertPathTrustManagerParameters.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertPathParameters;
+
+/**
+ * Trust manager parameters for certification paths.
+ */
+public class CertPathTrustManagerParameters implements ManagerFactoryParameters
+{
+ private final CertPathParameters params;
+
+ /**
+ * Creates a new trust manager parameter instance. The argument is
+ * cloned to prevent modification of this instance.
+ *
+ * @param params The certificate path parameters.
+ * @throws NullPointerException If params is null.
+ */
+ public CertPathTrustManagerParameters (final CertPathParameters params)
+ {
+ this.params = (CertPathParameters) params.clone ();
+ }
+
+ /**
+ * Returns a copy of the certificate path parameters.
+ *
+ * @return A copy of the certificate path parameters.
+ */
+ public CertPathParameters getParameters ()
+ {
+ return (CertPathParameters) params.clone ();
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 000000000..b65dff06c
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
@@ -0,0 +1,183 @@
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+ // Fields.
+ // -------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 7914963744257769778L;
+
+ /** The session. */
+ private final transient SSLSession session;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new handshake completed event.
+ *
+ * @param socket The socket (also the source) creating this event.
+ * @param session The associated session object.
+ * @throws NullPointerException If <i>session</i> is null.
+ */
+ public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+ {
+ super(socket);
+ if (session == null)
+ throw new NullPointerException();
+ this.session = session;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name of the cipher that was negotiated in this
+ * connection.
+ *
+ * @return The negotiated cipher name.
+ */
+ public String getCipherSuite()
+ {
+ if (session != null)
+ return session.getCipherSuite();
+ return null;
+ }
+
+ /**
+ * Returns the local certificates being used in this connection.
+ *
+ * @return The local certificates.
+ */
+ public Certificate[] getLocalCertificates()
+ {
+ if (session != null)
+ return session.getLocalCertificates();
+ return null;
+ }
+
+ /**
+ * Returns the local identity used in this connection, or
+ * <code>null</code> if there is none.
+ *
+ * @return The local identity.
+ * @since 1.5
+ */
+ public Principal getLocalPrincipal ()
+ {
+ if (session != null)
+ return session.getLocalPrincipal ();
+ return null;
+ }
+
+ /**
+ * Returns the peer's certificates being used in this connection.
+ *
+ * @return The peer's certificates.
+ * @throws SSLPeerUnverifiedException If the peer has not been
+ * verified.
+ */
+ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificates();
+ return null;
+ }
+
+ public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificateChain();
+ return null;
+ }
+
+ /**
+ * Returns the peer's identity, or <code>null</code> if there is
+ * none.
+ *
+ * @return The peer's identity.
+ * @throws SSLPeerUnverifiedException If the remote peer's identity
+ * could not be verified.
+ * @since 1.5
+ */
+ public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerPrincipal ();
+ return null;
+ }
+
+ /**
+ * Returns the SSL session object associated with this connection.
+ *
+ * @return The session object.
+ */
+ public SSLSession getSession()
+ {
+ return session;
+ }
+
+ /**
+ * Returns the socket over which this connection is being
+ * negotiated. This method is equivalent to the {@link
+ * java.util.EventObject#getSource()} method.
+ *
+ * @return The socket.
+ */
+ public SSLSocket getSocket()
+ {
+ return (SSLSocket) getSource();
+ }
+}
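Review bot: The `session != null` guards in the getters can only matter for an instance that did not pass through the constructor, because the constructor throws on a null session; since `session` is declared `transient`, that is presumably a deserialized event. In that state getPeerCertificates(), getPeerCertificateChain() and getPeerPrincipal() return `null` instead of throwing SSLPeerUnverifiedException, so a listener that relies on the exception to detect an unauthenticated peer gets no signal. Each `@return` should say so, e.g. `@return The peer's certificates, or <code>null</code> if this event has no session (for example after deserialization).` getPeerCertificateChain() has no Javadoc at all and needs the same `@return`/`@throws` text as its neighbours.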
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 000000000..98584f290
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,57 @@
+/* HandshakeCompletedListener.java -- listens for handshake events.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+ /**
+ * Called when the handshake phase of the SSL protocol completes.
+ *
+ * @param event The event describing the new connection.
+ */
+ void handshakeCompleted(HandshakeCompletedEvent event);
+}
diff --git a/libjava/classpath/javax/net/ssl/HostnameVerifier.java b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 000000000..4b0465678
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,64 @@
+/* HostnameVerifier.java -- verifies disparate hostnames.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+ /**
+ * Verifies a hostname given a particular SSL session. This method
+ * should return <code>true</code> if the hostname is an accepted
+ * alias for the hostname negotiated in the SSL handshake.
+ *
+ * @param hostname The hostname in question.
+ * @param session The current SSL session.
+ * @return <code>true</code> if the hostname is acceptable.
+ */
+ boolean verify(String hostname, SSLSession session);
+}
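Review bot: The Javadoc of `verify` describes only the accepting case and never says what an implementation should do when it cannot match the name, which matters because the result decides whether a connection with a mismatched hostname is accepted. I would add a sentence such as `Implementations should return <code>false</code> unless <i>hostname</i> can be matched against the peer identity carried by <i>session</i>.` and extend the tag to `@return <code>true</code> if the hostname is acceptable, <code>false</code> if it must be rejected.`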
diff --git a/libjava/classpath/javax/net/ssl/HttpsURLConnection.java b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
new file mode 100644
index 000000000..c02cb9e7b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
@@ -0,0 +1,324 @@
+/* HttpsURLConnection.java -- an HTTPS connection.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+ // Fields.
+ // ------------------------------------------------------------------
+
+ /**
+ * The default verifier.
+ * This is lazily initialized as required.
+ * @see #getDefaultHostnameVerifier
+ */
+ private static HostnameVerifier defaultVerifier;
+
+ /**
+ * The default factory.
+ * This is lazily initialized as required.
+ * @see #getDefaultSSLSocketFactory
+ */
+ private static SSLSocketFactory defaultFactory;
+
+ /**
+ * The hostname verifier used for this connection.
+ */
+ protected HostnameVerifier hostnameVerifier;
+
+ /**
+ * This connection's socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Creates a new HTTPS URL connection.
+ *
+ * @param url The URL of the connection being established.
+ * @specnote This was marked as throwing IOException in 1.4,
+ * but this was removed in 1.5.
+ */
+ protected HttpsURLConnection(URL url)
+ {
+ super(url);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the default hostname verifier used in all new
+ * connections.
+ * If the default verifier has not been set, a new default one will be
+ * provided by this method.
+ *
+ * @return The default hostname verifier.
+ */
+ public static synchronized HostnameVerifier getDefaultHostnameVerifier()
+ {
+ if (defaultVerifier == null)
+ {
+ defaultVerifier = new TrivialHostnameVerifier();
+ }
+ return defaultVerifier;
+ }
+
+ /**
+ * Sets the default hostname verifier to be used in all new
+ * connections.
+ *
+ * @param newDefault The new default hostname verifier.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * currently installed and the caller does not have the {@link
+ * SSLPermission} "setHostnameVerifier".
+ */
+ public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default verifier cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+ synchronized (HttpsURLConnection.class)
+ {
+ defaultVerifier = newDefault;
+ }
+ }
+
+ /**
+ * Returns the default SSL socket factory used in all new
+ * connections.
+ * If the default SSL socket factory has not been set, a new default one
+ * will be provided by this method.
+ *
+ * @return The default SSL socket factory.
+ */
+ public static synchronized SSLSocketFactory getDefaultSSLSocketFactory()
+ {
+ if (defaultFactory == null)
+ {
+ try
+ {
+ defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+ return defaultFactory;
+ }
+
+ /**
+ * Sets the default SSL socket factory to be used in all new
+ * connections.
+ *
+ * @param newDefault The new socket factory.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * installed and a call to {@link
+ * SecurityManager#checkSetFactory()} fails.
+ */
+ public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default factory cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSetFactory();
+ synchronized (HttpsURLConnection.class)
+ {
+ defaultFactory = newDefault;
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the current hostname verifier for this instance.
+ *
+ * @return The hostname verifier.
+ */
+ public HostnameVerifier getHostnameVerifier()
+ {
+ if (hostnameVerifier == null)
+ {
+ hostnameVerifier = getDefaultHostnameVerifier();
+ }
+ return hostnameVerifier;
+ }
+
+ /**
+ * Sets the hostname verifier for this instance.
+ *
+ * @param hostnameVerifier The new verifier.
+ * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+ * null.
+ */
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+ {
+ if (hostnameVerifier == null)
+ throw new IllegalArgumentException("verifier cannot be null");
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ /**
+ * Returns the current SSL socket factory for this instance.
+ *
+ * @return The current SSL socket factory.
+ */
+ public SSLSocketFactory getSSLSocketFactory()
+ {
+ if (factory == null)
+ {
+ factory = getDefaultSSLSocketFactory();
+ }
+ return factory;
+ }
+
+ /**
+ * Sets the SSL socket factory for this instance.
+ *
+ * @param factory The new factory.
+ * @throws IllegalArgumentException If <i>factory</i> is null.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory)
+ {
+ if (factory == null)
+ throw new IllegalArgumentException("factory cannot be null");
+ this.factory = factory;
+ }
+
+ /**
+ * Returns the local principal for this connection.
+ *
+ * <p>The default implementation will return the {@link
+ * javax.security.x500.X500Principal} for the end entity certificate
+ * in the local certificate chain if those certificates are of type
+ * {@link java.security.cert.X509Certificate}. Otherwise, this
+ * method returns <code>null</code>.
+ *
+ * @return The local principal.
+ * @since 1.5
+ */
+ public Principal getLocalPrincipal ()
+ {
+ Certificate[] c = getLocalCertificates ();
+ if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+ return ((X509Certificate) c[0]).getSubjectX500Principal ();
+ return null;
+ }
+
+ /**
+ * Returns the remote peer's principal for this connection.
+ *
+ * <p>The default implementation will return the {@link
+ * javax.security.x500.X500Principal} for the end entity certificate
+ * in the remote peer's certificate chain if those certificates are
+ * of type {@link java.security.cert.X509Certificate}. Otherwise,
+ * this method returns <code>null</code>.
+ *
+ * @return The remote principal.
+ * @throws SSLPeerUnverifiedException If the remote peer has not
+ * been verified.
+ * @since 1.5
+ */
+ public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+ {
+ Certificate[] c = getServerCertificates ();
+ if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+ return ((X509Certificate) c[0]).getSubjectX500Principal ();
+ return null;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the cipher name negotiated for this connection.
+ *
+ * @return The cipher name.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract String getCipherSuite();
+
+ /**
+ * Returns the certificates used on the local side in this
+ * connection.
+ *
+ * @return The local certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the certificates sent by the other party.
+ *
+ * @return The peer's certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ * @throws SSLPeerUnverifiedException If the peer could not be
+ * verified.
+ */
+ public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
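Review bot: getDefaultSSLSocketFactory() catches `Throwable`, prints the stack trace and then returns `null`, so a failure to create the default factory (including an `Error`, or a ClassCastException from the cast) is reduced to console output and a null that getSSLSocketFactory() hands on to its caller. Catch only what can be handled and fail visibly, e.g. `catch (RuntimeException e) { throw new IllegalStateException("no default SSLSocketFactory available", e); }`, or at least document the null result in the `@return` tag. Separately, getDefaultHostnameVerifier() falls back to TrivialHostnameVerifier, which is defined outside this view; the Javadoc here should state whether that fallback accepts or rejects mismatched names.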
diff --git a/libjava/classpath/javax/net/ssl/KeyManager.java b/libjava/classpath/javax/net/ssl/KeyManager.java
new file mode 100644
index 000000000..688faa5d5
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManager.java
@@ -0,0 +1,51 @@
+/* KeyManager.java -- marker interface for key manager classes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactory.java b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
new file mode 100644
index 000000000..d9519512a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
@@ -0,0 +1,294 @@
+/* KeyManagerFactory.java -- factory for key managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** The service name for key manager factories. */
+ private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine. */
+ private final KeyManagerFactorySpi kmfSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The name of this algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new key manager factory.
+ *
+ * @param kmfSpi The underlying engine.
+ * @param provider The engine's provider.
+ * @param algorithm The name of this algorithm.
+ */
+ protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.kmfSpi = kmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get the default algorithm name. This value may be specified at
+ * run-time via the security property
+ * "ssl.KeyManagerFactory.algorithm". If this property is
+ * not specified, this method returns "JessieX509".
+ *
+ * @return The default key manager factory algorithm's name.
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the first
+ * provider that implements it.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @return An appropriate implementation of that algoritm.
+ * @throws NoSuchAlgorithmException If no provider implements the requested
+ * algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the named
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The name of the provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * requested algorithm.
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the given
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * requested algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ StringBuilder sb = new StringBuilder("KeyManagerFactory algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider);
+ return new KeyManagerFactory((KeyManagerFactorySpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the name of this key manager factory algorithm.
+ *
+ * @return The name of this key manager factory algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get an array of key managers appropriate for this algorithm, with
+ * the most preferred manager first.
+ *
+ * @return The array of key managers.
+ */
+ public final KeyManager[] getKeyManagers()
+ {
+ return kmfSpi.engineGetKeyManagers();
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this instance with an implementation-dependent
+ * parameter object.
+ *
+ * @param params The parameters to initialize with.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ kmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store and a password for
+ * private key entries.
+ *
+ * @param store The key store to read.
+ * @param passwd The password protecting private keys in the store.
+ * @throws KeyStoreException If an error occurs reading the keys.
+ * @throws NoSuchAlgorithmException If an algorithm (such as a
+ * certificate algorithm) is not available.
+ * @throws UnrecoverableKeyException If the password is incorrect.
+ */
+ public final void init(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ kmfSpi.engineInit(store, passwd);
+ }
+}
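Review bot: The empty `catch (SecurityException se)` block in `getDefaultAlgorithm()` hides the case where the `ssl.KeyManagerFactory.algorithm` security property could not be read, so a deployment that set the property silently gets "JessieX509" instead. If the fallback is intended, say so inside the block, e.g. `// property not readable under the current policy; fall back to DEFAULT_ALGORITHM`. The Javadoc on `DEFAULT_ALGORITHM` also calls it the "trust manager" algorithm, which looks copied from the trust-manager counterpart; `/** The system default key manager algorithm. */` matches this class.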
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java
new file mode 100644
index 000000000..a74bcee3a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java
@@ -0,0 +1,102 @@
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public KeyManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Engine method for retrieving this factory's key managers.
+ *
+ * @return The key managers.
+ */
+ protected abstract KeyManager[] engineGetKeyManagers();
+
+ /**
+ * Engine method for initializing this factory with some
+ * algorithm-specific parameters.
+ *
+ * @param params The factory parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method for initializing this factory with a key store and a
+ * password for private keys. Either parameter may be <code>null</code>,
+ * in which case some default parameters (possibly derived from system
+ * properties) should be used.
+ *
+ * @param store The key store.
+ * @param passwd The private key password.
+ * @throws KeyStoreException If the key store cannot be accessed.
+ * @throws NoSuchAlgorithmException If some of the data from the key
+ * store cannot be retrieved.
+ * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+ * likely from a wrong password.
+ */
+ protected abstract void engineInit(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+}
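Review bot: The Javadoc for `engineInit(KeyStore, char[])` does not say whether an implementation may keep a reference to `passwd` after the call returns, and a caller that overwrites the array once initialization is done needs to know that. I would extend the tag to something like `@param passwd The private key password, or <code>null</code>; implementations should copy it if they need it after this method returns.` The public constructor is also the only member here without a Javadoc comment; `/** Create a new KeyManagerFactorySpi. */` would match the constructor comment in SSLContextSpi.java from this commit.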
diff --git a/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java b/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java
new file mode 100644
index 000000000..26b61428f
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java
@@ -0,0 +1,48 @@
+/* KeyStoreBuilderParameters.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * <p style="color: red;"><b>FIXME</b> this class is currently a stub;
+ * it depends on an implementation of {@link
+ * java.security.KeyStore.Builder}</p>.
+ */
+public class KeyStoreBuilderParameters implements ManagerFactoryParameters
+{
+}
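Review bot: The class Javadoc closes the paragraph before the final period (`</p>.`), so the rendered page shows a stray "." outside the red FIXME block; ending the sentence with `java.security.KeyStore.Builder}.</p>` fixes the markup. Because the class is public and has no members, the comment should also state that an instance carries no key store builders. As written, a caller can pass one to `KeyManagerFactory.init(ManagerFactoryParameters)` and nothing in the documentation warns that no key material comes with it.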
diff --git a/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java
new file mode 100644
index 000000000..59c921509
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java
@@ -0,0 +1,50 @@
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLContext.java b/libjava/classpath/javax/net/ssl/SSLContext.java
new file mode 100644
index 000000000..9a6e9a5f0
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContext.java
@@ -0,0 +1,293 @@
+/* SSLContext.java -- an SSL protocol context.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** Service name for SSL contexts. */
+ private static final String SSL_CONTEXT = "SSLContext";
+
+ /** The underlying engine. */
+ private final SSLContextSpi ctxSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The protocal name. */
+ private final String protocol;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new SSL context.
+ *
+ * @param ctxSpi The context engine.
+ * @param provider The provider of the implementation.
+ * @param protocol The name of the SSL protocol.
+ */
+ protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+ String protocol)
+ {
+ this.ctxSpi = ctxSpi;
+ this.provider = provider;
+ this.protocol = protocol;
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the first
+ * provider that implements it.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * protocol.
+ * @throws IllegalArgumentException if <code>protocol</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final SSLContext getInstance(String protocol)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(protocol, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(protocol);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the named
+ * provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given protocol.
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>protocol</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>protocol</code> is an empty string.
+ */
+ public static final SSLContext getInstance(String protocol, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(protocol, p);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the specified
+ * provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given protocol.
+ * @throws IllegalArgumentException if either <code>protocol</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>protocol</code> is an empty string.
+ */
+ public static final SSLContext getInstance(String protocol, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ StringBuilder sb = new StringBuilder("SSLContext for protocol [")
+ .append(protocol).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(SSL_CONTEXT, protocol, provider);
+ return new SSLContext((SSLContextSpi) spi, provider, protocol);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Creates a new {@link SSLEngine} for this context.
+ *
+ * @return The new SSLEngine.
+ * @since 1.5
+ */
+ public final SSLEngine createSSLEngine ()
+ {
+ return ctxSpi.engineCreateSSLEngine ();
+ }
+
+ /**
+ * Creates a new {@link SSLEngine} for this context, with a given
+ * host name and port number.
+ *
+ * @param host The local host name.
+ * @param port The local port number.
+ * @return The new SSLEngine.
+ * @since 1.5
+ */
+ public final SSLEngine createSSLEngine (final String host, final int port)
+ {
+ return ctxSpi.engineCreateSSLEngine (host, port);
+ }
+
+ /**
+ * Returns the set of SSL contexts available for client connections.
+ *
+ * @return The set of SSL contexts available for client connections.
+ */
+ public final SSLSessionContext getClientSessionContext()
+ {
+ return ctxSpi.engineGetClientSessionContext();
+ }
+
+ /**
+ * Returns the protocol name of this context.
+ *
+ * @return The protocol name of this context.
+ */
+ public final String getProtocol()
+ {
+ return protocol;
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the set of SSL contexts available for server connections.
+ *
+ * @return The set of SSL contexts available for server connections.
+ */
+ public final SSLSessionContext getServerSessionContext()
+ {
+ return ctxSpi.engineGetServerSessionContext();
+ }
+
+ /**
+ * Returns the factory for server SSL sockets.
+ *
+ * @return The factory for server SSL sockets.
+ */
+ public final SSLServerSocketFactory getServerSocketFactory()
+ {
+ return ctxSpi.engineGetServerSocketFactory();
+ }
+
+ /**
+ * Returns the factory for client SSL sockets.
+ *
+ * @return The factory for client SSL sockets.
+ */
+ public final SSLSocketFactory getSocketFactory()
+ {
+ return ctxSpi.engineGetSocketFactory();
+ }
+
+ /**
+ * Initializes this context and prepares it for producing socket
+ * factories. All of the parameters are optional; default values are
+ * used if left unspecified.
+ *
+ * @param keyManagers The set of key managers to use.
+ * @param trustManagers The set of trust managers to use.
+ * @param random A source of random bits to use.
+ * @throws KeyManagementException If initialization fails.
+ */
+ public final void init(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException
+ {
+ ctxSpi.engineInit(keyManagers, trustManagers, random);
+ }
+}
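Review bot: The `@param` text on `createSSLEngine(String, int)` describes `host` and `port` as the local host name and port, whereas in the JSSE API this class mirrors they are advisory information about the peer. A reader following the current wording would pass the wrong endpoint, which may matter if a provider uses these values as session-reuse hints. Suggested wording: `@param host The peer's host name (advisory).` and `@param port The peer's port number (advisory).`; the same text appears on `engineCreateSSLEngine(String, int)` in SSLContextSpi.java. In this file, `getInstance(String, Provider)` also documents `provider` as "The name of the provider" although it takes a `Provider` object, and the two session-context getters say "set of SSL contexts" where SSLContextSpi.java says "sessions".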
diff --git a/libjava/classpath/javax/net/ssl/SSLContextSpi.java b/libjava/classpath/javax/net/ssl/SSLContextSpi.java
new file mode 100644
index 000000000..03c44f85e
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContextSpi.java
@@ -0,0 +1,131 @@
+/* SSLContextSpi.java -- SPI for SSL contexts.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Create a new SSLContextSpi.
+ */
+ public SSLContextSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ // Sun, you've broken existing applications by introducing new
+ // abstract methods! Goodjob!!!
+
+ /**
+ * Returns a new {@link SSLEngine} for this context.
+ *
+ * @return A new SSLEngine.
+ * @since 1.5
+ */
+ protected abstract SSLEngine engineCreateSSLEngine ();
+
+ /**
+ * Returns a new {@link SSLEngine} for this context, for the given
+ * host name and port number.
+ *
+ * @param host The local host name.
+ * @param port The local port number.
+ * @return A new SSLEngine.
+ * @since 1.5
+ */
+ protected abstract SSLEngine engineCreateSSLEngine (String host, int port);
+
+ /**
+ * Returns the set of SSL sessions available for client connections.
+ *
+ * @return The set of SSL sessions available for client connections.
+ */
+ protected abstract SSLSessionContext engineGetClientSessionContext();
+
+ /**
+ * Returns the set of SSL sessions available for server connections.
+ *
+ * @return The set of SSL sessions available for server connections.
+ */
+ protected abstract SSLSessionContext engineGetServerSessionContext();
+
+ /**
+ * Returns the SSL server socket factory.
+ *
+ * @return The SSL server socket factory.
+ */
+ protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+ /**
+ * Returns the SSL client socket factory.
+ *
+ * @return The SSL client socket factory.
+ */
+ protected abstract SSLSocketFactory engineGetSocketFactory();
+
+ /**
+ * Initialize this context with key and trust managers, and a source
+ * of randomness. All of the parameters are optional.
+ *
+ * @param keyManagers The set of key managers.
+ * @param trustManagers The set of trust managers.
+ * @param random The source of randomness.
+ * @throws KeyManagementException If this context cannot be
+ * initialized with these parameters.
+ */
+ protected abstract void engineInit(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException;
+}
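Review bot: The comment above `engineCreateSSLEngine()` ("Sun, you've broken existing applications ...") records a grievance rather than the fact a provider author needs. A neutral version such as `// The two engineCreateSSLEngine methods are abstract as of 1.5; providers written against the earlier SPI must implement them.` keeps the compatibility warning, which the `@since 1.5` tags on both methods support, and drops the tone.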
diff --git a/libjava/classpath/javax/net/ssl/SSLEngine.java b/libjava/classpath/javax/net/ssl/SSLEngine.java
new file mode 100644
index 000000000..2ba7bb636
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLEngine.java
@@ -0,0 +1,442 @@
+/* SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.nio.ByteBuffer;
+
+/**
+ * A class for low-level message wrapping and unwrapping of SSL
+ * messages.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.5
+ */
+public abstract class SSLEngine
+{
+ private final String peerHost;
+ private final int peerPort;
+
+ /**
+ * Creates a new SSLEngine with no peer host name or port number.
+ */
+ protected SSLEngine ()
+ {
+ this (null, -1);
+ }
+
+ /**
+ * Creates a new SSLEngine with the specified peer host name and
+ * port number.
+ *
+ * @param peerHost The peer's host name.
+ * @param peerPort The peer's port number.
+ */
+ protected SSLEngine (String peerHost, int peerPort)
+ {
+ this.peerHost = peerHost;
+ this.peerPort = peerPort;
+ }
+
+
+
+ /**
+ * Begin, or restart, the SSL handshake.
+ *
+ * @throws SSLException
+ */
+ public abstract void beginHandshake () throws SSLException;
+
+ /**
+ * Close the inbound state.
+ *
+ * @throws SSLException
+ */
+ public abstract void closeInbound () throws SSLException;
+
+ /**
+ * Close the outbound state.
+ */
+ public abstract void closeOutbound ();
+
+ /**
+ *
+ */
+ public abstract Runnable getDelegatedTask ();
+
+ /**
+ * Returns the peer host name this SSL session is connected to, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The peer host's name.
+ */
+ public String getPeerHost ()
+ {
+ return peerHost;
+ }
+
+ /**
+ * Returns the peer IP port number this SSL session in communicating
+ * on, or -1 if this value was not set.
+ *
+ * @return The peer's port number.
+ */
+ public int getPeerPort ()
+ {
+ return peerPort;
+ }
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled cipher suite names.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled protocol names.
+ */
+ public abstract String[] getEnabledProtocols ();
+
+ /**
+ * Tells if sessions will be created by this engine, and therefore
+ * may be resumed at a later time.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Return the current handshake status.
+ *
+ * @return The current handshake status.
+ */
+ public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus ();
+
+ /**
+ * Tells if this SSLEngine is configured to require client
+ * authentication when in server mode.
+ *
+ * @return True iff client authentication is required.
+ */
+ public abstract boolean getNeedClientAuth ();
+
+ /**
+ * Return the {@link SSLSession} object this connection represents.
+ *
+ * @return The SSL session.
+ */
+ public abstract SSLSession getSession ();
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine
+ * implementation supports.
+ *
+ * @return The list of cipher suite names supported by this
+ * implementation.
+ */
+ public abstract String[] getSupportedCipherSuites ();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine
+ * implementation supports. SSL protocol names include things like
+ * "SSLv3" or "TLSv1".
+ *
+ * @return The list of SSL protocol names
+ */
+ public abstract String[] getSupportedProtocols ();
+
+ /**
+ * Tells if this SSLEngine is a "client" session.
+ *
+ * @return True iff this session is configured for client mode.
+ */
+ public abstract boolean getUseClientMode ();
+
+ /**
+ * Tells if client authentication is requested, but not required,
+ * for sessions in server mode. If true, a server session will
+ * request an authentication message from connecting clients, but
+ * will still allow clients to connect if they cannot be
+ * authenticated.
+ *
+ * @return True iff client authentication is requested.
+ */
+ public abstract boolean getWantClientAuth ();
+
+ /**
+ * Tells if the incoming data stream is finished, and thus if no
+ * more data will be available to be unwrapped.
+ *
+ * @return True if no more data is to be unwrapped.
+ */
+ public abstract boolean isInboundDone ();
+
+ /**
+ * Tells if the outgoing data stream is finished, and thus if no
+ * more data may be wrapped.
+ *
+ * @return True if no more data may be wrapped.
+ */
+ public abstract boolean isOutboundDone ();
+
+ /**
+ * Sets the list of enabled cipher suites. The argument is an array
+ * of strings of the canonical suite names.
+ *
+ * @param suites The cipher suites to enable.
+ * @throws IllegalArgumentException If any of the specified suite
+ * strings is not supported by this implementation, or if the
+ * argument is null.
+ */
+ public abstract void setEnabledCipherSuites (String[] suites);
+
+ /**
+ * Sets the list of enabled protocol versions. The argument is an
+ * array of strings of the canonical protocol version names, such as
+ * "TLSv1".
+ *
+ * @param protocols The protocol versions to enable.
+ * @throws IllegalArgumentException If any of the specified
+ * protocols are not supported, or if the argument is null.
+ */
+ public abstract void setEnabledProtocols (String[] protocols);
+
+ /**
+ * Enables or disables session creation. If enabled, each connection
+ * will create session that may be resumed by another connection.
+ *
+ * @param create Whether or not to enable session creation.
+ */
+ public abstract void setEnableSessionCreation (boolean create);
+
+ /**
+ * Enables client or server mode. If the argument is true, this
+ * engine will run in client mode; if false, server mode.
+ *
+ * @param clientMode Whether or not to use client mode.
+ */
+ public abstract void setUseClientMode (boolean clientMode);
+
+ /**
+ * Enables or disables required client authentication. If enabled,
+ * clients may only connect if they provide proper identification.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param needAuth Whether or not client authentication is required.
+ */
+ public abstract void setNeedClientAuth (boolean needAuth);
+
+ /**
+ * Enables or disables requested client authentication. If enabled,
+ * clients will be asked to provide proper identification, but will
+ * still be allowed to connect if they do not provide it.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param wantAuth Whether or not client authentication will be
+ * requested, but not required.
+ */
+ public abstract void setWantClientAuth (boolean wantAuth);
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffer.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source, new
+ * ByteBuffer[] { sink }, 0, 1)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sink The buffer to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is not
+ * writable.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return unwrap (source, new ByteBuffer[] { sink }, 0, 1);
+ }
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source,
+ * sinks, 0, sinks.length)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer[] sinks)
+ throws SSLException
+ {
+ return unwrap (source, sinks, 0, sinks.length);
+ }
+
+ /**
+ * Unwraps a byte buffer received from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers. After
+ * unwrapping, the bytes placed into the sink buffers are ready for
+ * consumption by the application.
+ *
+ * <p>This method may place no bytes in the destination buffer; for
+ * example, if this engine is still performing the SSL handshake,
+ * only handshake data will be consumed, and no application data.
+ *
+ * <p>It is stated that this method may modify the source buffer,
+ * and that it must not be passed to another SSLEngine (SSL
+ * connections are independent, so another SSLEngine will not have
+ * the parameters or state to handle messages meant for this
+ * engine).
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @param offset The index of the first buffer in 'sinks' to use.
+ * @param length The number of buffers in 'sinks' to use.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sinks.length'.
+ */
+ public abstract SSLEngineResult unwrap (ByteBuffer source,
+ ByteBuffer[] sinks, int offset,
+ int length)
+ throws javax.net.ssl.SSLException;
+
+ /**
+ * Wraps a byte buffer into an SSL message, for preparation to send
+ * it over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (new
+ * ByteBuffer[] { source }, 0, 1, sink)</code>.
+ *
+ * @param source The source buffer with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (new ByteBuffer[] { source }, 0, 1, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (sources, 0,
+ * 1, sink)</code>.
+ *
+ * @param sources The source buffers with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer[] sources, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (sources, 0, sources.length, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network. After wrapping, the data in the sink
+ * buffer is ready to be sent over the transport layer.
+ *
+ * <p>This method may consume no data from the source buffers, and
+ * yet still produce output that should be sent accross the wire;
+ * for example if this engine has not yet completed the SSL
+ * handshake, the sink buffer will be filled with handshake
+ * messages.
+ *
+ * @param sources The source buffers with application data.
+ * @param offset The offset into the source buffers to start reading
+ * application data.
+ * @param length The number of buffers to read from 'sources'.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sources.length'.
+ */
+ public abstract SSLEngineResult wrap (ByteBuffer[] sources, int offset,
+ int length, ByteBuffer sink)
+ throws SSLException;
+
+}
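Review bot: The convenience overloads `unwrap (ByteBuffer source, ByteBuffer[] sinks)` and `wrap (ByteBuffer[] sources, ByteBuffer sink)` read `sinks.length` and `sources.length` before delegating, so a null array raises NullPointerException instead of the IllegalArgumentException their Javadoc documents. A guard ahead of the delegation, e.g. `if (sinks == null) throw new IllegalArgumentException ("'sinks' may not be null");` (and the same for `sources`), would make the behaviour match the stated contract. The Javadoc of `wrap (ByteBuffer[] sources, ByteBuffer sink)` also says the call is equivalent to `wrap (sources, 0, 1, sink)` while the body passes `sources.length`; the comment should read `wrap (sources, 0, sources.length, sink)`. `getDelegatedTask ()` has an empty Javadoc block and the `@throws SSLException` tags on `beginHandshake` and `closeInbound` carry no description, so callers cannot tell from this file when those methods fail.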
diff --git a/libjava/classpath/javax/net/ssl/SSLEngineResult.java b/libjava/classpath/javax/net/ssl/SSLEngineResult.java
new file mode 100644
index 000000000..4d15258f3
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLEngineResult.java
@@ -0,0 +1,194 @@
+/* SSLEngineResult.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A result from an {@link SSLEngine} <code>wrap</code> or
+ * <code>unwrap</code> operation. This class conveys a possibly
+ * intermediate result, and may ask for more input data or request
+ * that output data be sent over a connection.
+ */
+public class SSLEngineResult
+{
+ private final HandshakeStatus handshakeStatus;
+ private final Status status;
+ private final int bytesConsumed;
+ private final int bytesProduced;
+
+ /**
+ * Creates a new SSL engine result.
+ *
+ * @param status The status of the SSL connection.
+ * @param handshakeStatus The status of the SSL handshake.
+ * @param bytesConsumed The number of bytes consumed by the previous
+ * operation.
+ * @param bytesProduced The number of bytes produced by the previous
+ * operation.
+ * @throws IllegalArgumentException If either enum value is
+ * <code>null</code>, or if either integer is negative.
+ */
+ public SSLEngineResult (Status status, HandshakeStatus handshakeStatus,
+ int bytesConsumed, int bytesProduced)
+ {
+ if (status == null)
+ throw new IllegalArgumentException ("'status' may not be null");
+ if (handshakeStatus == null)
+ throw new IllegalArgumentException ("'handshakeStatus' may not be null");
+ if (bytesConsumed < 0)
+ throw new IllegalArgumentException ("'bytesConumed' must be nonnegative");
+ if (bytesProduced < 0)
+ throw new IllegalArgumentException ("'bytesProduced' must be nonnegative");
+ this.status = status;
+ this.handshakeStatus = handshakeStatus;
+ this.bytesConsumed = bytesConsumed;
+ this.bytesProduced = bytesProduced;
+ }
+
+
+
+ /**
+ * An enumeration of possible general states.
+ */
+ public static enum Status
+ {
+
+ /**
+ * There were not enough input bytes available to complete the
+ * operation.
+ */
+ BUFFER_UNDERFLOW,
+
+ /**
+ * There was not enough space for the output message.
+ */
+ BUFFER_OVERFLOW,
+
+ /**
+ * Okay. No error.
+ */
+ OK,
+
+ /**
+ * The connection is closed.
+ */
+ CLOSED
+ }
+
+ /**
+ * An enumeration of possible handshake status states.
+ */
+ public static enum HandshakeStatus
+ {
+
+ /**
+ * Not currently handshaking.
+ */
+ NOT_HANDSHAKING,
+
+ /**
+ * The handshake is finished.
+ */
+ FINISHED,
+
+ /**
+ * Needs the status of one or more delegated tasks.
+ */
+ NEED_TASK,
+
+ /**
+ * Has data prepared for output, and needs a new call to
+ * <code>wrap</code>.
+ */
+ NEED_WRAP,
+
+ /**
+ * Is waiting for more input.
+ */
+ NEED_UNWRAP
+ }
+
+
+
+ /**
+ * Returns the number of bytes consumed by the previous operation.
+ *
+ * @return The number of bytes consumed.
+ */
+ public int bytesConsumed ()
+ {
+ return bytesConsumed;
+ }
+
+ /**
+ * Returns the number of bytes produced by the previous operation.
+ *
+ * @return The number of bytes produced.
+ */
+ public int bytesProduced ()
+ {
+ return bytesProduced;
+ }
+
+ /**
+ * Returns the handshake status.
+ *
+ * @return The handshake status.
+ */
+ public HandshakeStatus getHandshakeStatus ()
+ {
+ return handshakeStatus;
+ }
+
+ /**
+ * Returns the connection status.
+ *
+ * @return The connection status.
+ */
+ public Status getStatus ()
+ {
+ return status;
+ }
+
+ public String toString ()
+ {
+ return (super.toString () + " [ status: " + status + "; handshakeStatus: "
+ + handshakeStatus + "; bytesConsumed: " + bytesConsumed
+ + "; bytesProduced: " + bytesProduced + " ]");
+ }
+}
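Review bot: The exception message for a negative `bytesConsumed` in the SSLEngineResult constructor misspells the parameter as 'bytesConumed', so a search of logs or stack traces for the real parameter name will miss it; the line should read `throw new IllegalArgumentException ("'bytesConsumed' must be nonnegative");`. `toString ()` at the end of the class has neither Javadoc nor `@Override`; the file already uses enums, so the annotation is available at this language level and would catch a signature drift.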
diff --git a/libjava/classpath/javax/net/ssl/SSLException.java b/libjava/classpath/javax/net/ssl/SSLException.java
new file mode 100644
index 000000000..c72671730
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLException.java
@@ -0,0 +1,91 @@
+/* SSLException.java -- generic SSL exception.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ *
+ * @since 1.4
+ */
+public class SSLException extends IOException
+{
+ private static final long serialVersionUID = 4511006460650708967L;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param message the descriptive error message
+ */
+ public SSLException(String message)
+ {
+ super(message);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param message the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SSLException(String message, Throwable cause)
+ {
+ super(message);
+ initCause(cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SSLException(Throwable cause)
+ {
+ super(cause == null ? null : cause.toString());
+ initCause(cause);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLHandshakeException.java b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
new file mode 100644
index 000000000..2572d3b53
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
@@ -0,0 +1,51 @@
+/* SSLHandshakeException.java -- exception in SSL handshake.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+ public SSLHandshakeException(String message)
+ {
+ super(message);
+ }
+}
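Review bot: SSLHandshakeException declares no `serialVersionUID`, although its superclass SSLException in this same commit does and the class is serializable through IOException; the same applies to SSLKeyException and SSLPeerUnverifiedException in the following hunks. Without an explicit value the compiler-derived UID can differ between builds and from other implementations of `javax.net.ssl`, so a serialized exception may fail to deserialize across runtimes; adding `private static final long serialVersionUID = <value from the reference API>L;` to each class would pin it. The single constructor in each of the three classes also lacks Javadoc; a comment like the one on `SSLException(String message)` ("Create a new instance with a descriptive error message", with `@param message`) would keep them consistent.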
diff --git a/libjava/classpath/javax/net/ssl/SSLKeyException.java b/libjava/classpath/javax/net/ssl/SSLKeyException.java
new file mode 100644
index 000000000..bab47275d
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLKeyException.java
@@ -0,0 +1,52 @@
+/* SSLKeyException.java -- exception in using a key in SSL.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+ public SSLKeyException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
new file mode 100644
index 000000000..c53fcdf5a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
@@ -0,0 +1,51 @@
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+ public SSLPeerUnverifiedException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPermission.java b/libjava/classpath/javax/net/ssl/SSLPermission.java
new file mode 100644
index 000000000..4b1e29539
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPermission.java
@@ -0,0 +1,66 @@
+/* SSLPermission.java -- SSL permission class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public final class SSLPermission extends BasicPermission
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -3456898025505876775L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public SSLPermission(String name)
+ {
+ super(name);
+ }
+
+ public SSLPermission(String name, String actions)
+ {
+ super(name, actions);
+ }
+}
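Review bot: The two-argument constructor accepts `actions` without any documentation, and `BasicPermission` does not use that argument, so a caller or policy author could assume an action list narrows the grant. Both constructors have no Javadoc at all; I would add `@param name The permission target name.` to each and `@param actions Ignored; SSL permissions have no actions.` to the second. The class comment could also list the target names this package actually checks, since a policy entry with a misspelled target silently grants nothing.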
diff --git a/libjava/classpath/javax/net/ssl/SSLProtocolException.java b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
new file mode 100644
index 000000000..5f9f327a3
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
@@ -0,0 +1,53 @@
+/* SSLProtocolException.java -- exception in SSL protocol.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+ public SSLProtocolException(String message)
+ {
+ super(message);
+ }
+}
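Review bot: `SSLProtocolException` declares no `serialVersionUID`, while `SSLPermission` in this same commit does, so its serialized form depends on a compiler-computed value (assuming `SSLException` is serializable through the usual `Throwable` ancestry, which is not visible here). I would add `private static final long serialVersionUID = /* value from the reference serialized form */;` at the top of the class body. `SSLPeerUnverifiedException` in the preceding file section has the same gap.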
diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocket.java b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
new file mode 100644
index 000000000..5748c0794
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
@@ -0,0 +1,188 @@
+/* SSLServerSocket.java -- a server socket for SSL connections.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A server socket that allows clients to connect via the SSL protocol.
+ */
+public abstract class SSLServerSocket extends ServerSocket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocket() throws IOException
+ {
+ super();
+ //super(0);
+ //throw new UnsupportedOperationException("1.4 socket methods not enabled");
+ }
+
+ protected SSLServerSocket(int port) throws IOException
+ {
+ super(port);
+ }
+
+ protected SSLServerSocket(int port, int backlog) throws IOException
+ {
+ super(port, backlog);
+ }
+
+ protected SSLServerSocket(int port, int backlog, InetAddress bindAddress)
+ throws IOException
+ {
+ super(port, backlog, bindAddress);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cihper suites that are currently enabled in this
+ * server socket. Sockets accepted by this server socket will only have
+ * these suites enabled.
+ *
+ * @return The enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list enabled cipher suites.
+ *
+ * @param suites The cipher suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1".
+ *
+ * @return The enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created, i.e., whether or not
+ * this server socket will allow SSL session resumption.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created.
+ *
+ * @param enabled The new enabled value.
+ */
+ public abstract void setEnableSessionCreation(boolean enabled);
+
+ /**
+ * Returns whether or not this server socket will require clients to
+ * authenticate themselves, such as through a certificate.
+ *
+ * @return True if clients must authenticate themselves.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Enabled or disables the requirement that clients authenticate themselves.
+ * When this is set to <code>true</code>, connections will be rejected if
+ * connecting clients do not provide proper authentication.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns whether or not sockets accepted by this server socket will do
+ * their handshake as the client-side. The default is false.
+ *
+ * @return True if client mode will be used.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not sockets accepted by this server socket will be
+ * created in client mode.
+ *
+ * @param clientMode The new client mode value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will ask for, but not require, that
+ * connecting clients authenticate themselves. Clients that do not
+ * provide authentication they will still be allowed to connect.
+ *
+ * @return True if this server socket wants client authentication.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this server socket will want client authentication.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Returns a list of cipher suites that this server socket supports.
+ *
+ * @return The list of supported suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns a list of SSL protocols supported by this server socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+}
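Review bot: The Javadoc on `setNeedClientAuth` and `setWantClientAuth` does not say how the two settings interact, which matters because a later call to one may weaken what the other required. In the reference API each call overrides the other's earlier setting; if implementations of this class follow that (not visible in this hunk), `setWantClientAuth` should carry a sentence such as `Calling this method overrides any earlier call to setNeedClientAuth.` and vice versa. `setEnabledCipherSuites` and `setEnabledProtocols` also leave the behaviour for null or unsupported names undocumented; an `@throws IllegalArgumentException` line would pin it down. Smaller points: "cihper" in the `getEnabledCipherSuites` comment is a typo, and the two commented-out lines in the no-argument constructor should be deleted.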
diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java
new file mode 100644
index 000000000..8bfe8c145
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java
@@ -0,0 +1,221 @@
+/* SSLServerSocketFactory.java -- factory for SSL server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.ServerSocketFactory;
+
+/**
+ * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * server sockets.
+ */
+public abstract class SSLServerSocketFactory extends ServerSocketFactory
+{
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL server socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.ServerSocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of server socket factories.</p>
+ *
+ * @return The default server socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.ServerSocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (ServerSocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ return new ErrorServerSocketFactory(new RuntimeException(
+ "error instantiating default server socket factory: "
+ + ex.toString(), ex));
+ }
+ }
+ try
+ {
+ return context.getServerSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ return new ErrorServerSocketFactory(new RuntimeException(
+ "no SSLSocketFactory implementation available"));
+ }
+
+ private static final class ErrorServerSocketFactory
+ extends SSLServerSocketFactory
+ {
+ private RuntimeException x;
+
+ ErrorServerSocketFactory(RuntimeException x)
+ {
+ this.x = x;
+ }
+
+ public ServerSocket createServerSocket() throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public ServerSocket createServerSocket(int port) throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog)
+ throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public ServerSocket createServerSocket(int port, int backlog,
+ InetAddress ifAddress)
+ throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public String[] getDefaultCipherSuites()
+ {
+ throw new RuntimeException(x);
+ }
+
+ public String[] getSupportedCipherSuites()
+ {
+ throw new RuntimeException(x);
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cipher suites that will be enabled in server sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
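Review bot: In `getDefault()` the first `catch (Exception e)` block is empty, so when the "ssl.ServerSocketFactory.provider" property names a class that cannot be loaded, instantiated or cast, the failure is discarded and the method silently falls back to the built-in context. An administrator who configured a specific provider then gets a different TLS stack with no indication; returning an `ErrorServerSocketFactory` that carries the cause, as the later branches already do, would surface the misconfiguration. Separately, `SSLContext.getInstance("SSLv3")` pins the default context to an obsolete protocol name; which names the bundled provider accepts is not visible here, but the generic "TLS" name would be the safer default if it is supported. The final message also says "no SSLSocketFactory implementation available" where it means the server socket factory.
```java
    String s = null;
    try
      {
        s = Security.getProperty("ssl.ServerSocketFactory.provider");
        // … unchanged: system class loader lookup and newInstance() …
      }
    catch (Exception e)
      {
        // A provider that was configured but cannot be used is reported
        // to the caller instead of being replaced by the default.
        if (s != null)
          return new ErrorServerSocketFactory(new RuntimeException(
              "error loading server socket factory " + s, e));
      }
    // … unchanged: default SSLContext setup and fallback …
```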
diff --git a/libjava/classpath/javax/net/ssl/SSLSession.java b/libjava/classpath/javax/net/ssl/SSLSession.java
new file mode 100644
index 000000000..c8a4785f9
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSession.java
@@ -0,0 +1,235 @@
+/* SSLSession.java -- an SSL session.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+
+import javax.security.cert.X509Certificate;
+
+/**
+ * An SSL session is a mechanism through which connections can be established
+ * by re-using previously negotiated handshakes.
+ */
+public interface SSLSession
+{
+
+ /**
+ * Returns the size of the largest application data buffer that can
+ * occur in this session.
+ *
+ * <p>Buffers passed to handle the incoming data for the
+ * <code>unwrap</code> method of SSLEngine must be at least this
+ * large.
+ *
+ * @return The size of application buffers.
+ * @since 1.5
+ */
+ int getApplicationBufferSize ();
+
+ /**
+ * Returns this session's cihper suite.
+ *
+ * @return The cipher suite.
+ */
+ String getCipherSuite();
+
+ /**
+ * Returns the time in milliseconds since midnight GMT, 1 January 1970, that
+ * this session was created.
+ *
+ * @return The creation time.
+ */
+ long getCreationTime();
+
+ /**
+ * Returns this session's unique identifier, a arbitrary byte array of up
+ * to 32 bytes.
+ *
+ * @return The session identifier.
+ */
+ byte[] getId();
+
+ /**
+ * Returns the last time this session was accessed.
+ *
+ * @return The lest time this session was accessed.
+ */
+ long getLastAccessedTime();
+
+ /**
+ * Returns the chain of certificates that the local side used in the
+ * handshake, or null if none were used.
+ *
+ * @return The local certificate chain.
+ */
+ Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the {@link Principal} representing the local identity
+ * used in this session, or <code>null</code> if there is no local
+ * identity.
+ *
+ * @return The local principal.
+ */
+ Principal getLocalPrincipal ();
+
+ /**
+ * Returns the size of the largest SSL message that will be
+ * generated by this session.
+ *
+ * <p>Callers of <code>wrap</code> and <code>unwrap</code> should
+ * use this value to determine the size of buffers for data coming
+ * into, or going out over, the network.
+ *
+ * @returns The maximum network packet size.
+ * @since 1.5
+ */
+ int getPacketBufferSize ();
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ X509Certificate[] getPeerCertificateChain()
+ throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the remote host's name.
+ *
+ * @return The name of the remote host.
+ */
+ String getPeerHost();
+
+ /**
+ * Returns the port number the remote peer is using for this
+ * session.
+ *
+ * @return The peer's port number.
+ * @since 1.5
+ */
+ int getPeerPort ();
+
+ /**
+ * Returns the {@link Principal} representing the identity of the
+ * remote peer, or <code>null</code> if the remote peer has no known
+ * identity.
+ *
+ * @return The remote peer's principal.
+ * @throws SSLPeerUnverifiedException If the remote peer's identity
+ * could not be verified.
+ * @since 1.5
+ */
+ Principal getPeerPrincipal () throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the protocol this session uses.
+ *
+ * @return The protocol.
+ */
+ String getProtocol();
+
+ /**
+ * Returns this session's session context object.
+ *
+ * @return The session context.
+ * @throws SecurityException If the caller does not have the
+ * {@link SSLPermission} "getSessionContext".
+ */
+ SSLSessionContext getSessionContext();
+
+ /**
+ * Returns the names of all values bound to this session.
+ *
+ * @return The list of bound names.
+ */
+ String[] getValueNames();
+
+ /**
+ * Returns the object bound to the given name.
+ *
+ * @param name The name of the value to get.
+ * @return The object bound by that name, or null.
+ */
+ Object getValue(String name);
+
+ /**
+ * Invalidates this session, ensuring that it will not be continued by
+ * another socket.
+ */
+ void invalidate();
+
+ /**
+ * Tells if this session is currently valid, and may be resumed.
+ *
+ * @return True if this session is valid.
+ * @since 1.5
+ * @see #invalidate()
+ */
+ boolean isValid ();
+
+ /**
+ * Binds a value to this session, with the given name.
+ *
+ * @param name The name to bind the object with.
+ * @param value The value to bind.
+ */
+ void putValue(String name, Object value);
+
+ /**
+ * Un-binds a value.
+ *
+ * @param name The name of the value to un-bind.
+ */
+ void removeValue(String name);
+}
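Review bot: The `getSessionContext()` comment names the required permission as `SSLPermission` "getSessionContext", whereas the reference API uses the target name "getSSLSessionContext"; which string the implementation actually checks is not visible in this hunk, but the comment should match it, because a policy file written from this text would otherwise grant the wrong target. `getPeerCertificates()` and `getPeerCertificateChain()` both say they return "null if none were used" and also declare `SSLPeerUnverifiedException` for an unverified peer, so the comment should state which of the two a caller sees when the peer sent no certificate. `getId()` returns a `byte[]`; a sentence saying whether callers receive a copy would help, since a shared array would let them alter the session identifier. Minor: `@returns` on `getPacketBufferSize` should be `@return`, and "cihper" and "lest" are typos.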
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java
new file mode 100644
index 000000000..af26efaa8
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java
@@ -0,0 +1,94 @@
+/* SSLSessionBindingEvent.java -- SSL binding event.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventObject;
+
+/**
+ * An event raised by {@link SSLSession} objects when objects are bound to
+ * them.
+ */
+public class SSLSessionBindingEvent extends EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ private static final long serialVersionUID = 3989172637106345L;
+
+ private final String name;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new binding event.
+ *
+ * @param session The session being bound to.
+ * @param name The name the object was bound under.
+ */
+ public SSLSessionBindingEvent(SSLSession session, String name)
+ {
+ super(session);
+ this.name = name;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name the object was bound under.
+ *
+ * @return The name.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+ /**
+ * Returns the session that the object was bound to.
+ *
+ * @return The session.
+ */
+ public SSLSession getSession()
+ {
+ return (SSLSession) getSource();
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java
new file mode 100644
index 000000000..1941ce553
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java
@@ -0,0 +1,65 @@
+/* SSLSessionBindingListener.java -- listener for SSL bindings.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+
+/**
+ * An event listener interface that should be notified when it is bound or
+ * unbound to a {@link SSLSession}.
+ */
+public interface SSLSessionBindingListener extends EventListener
+{
+
+ /**
+ * This method is called of all objects when they are bound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueBound(SSLSessionBindingEvent event);
+
+ /**
+ * This method is called of all objects when they are unbound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueUnbound(SSLSessionBindingEvent event);
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionContext.java b/libjava/classpath/javax/net/ssl/SSLSessionContext.java
new file mode 100644
index 000000000..f9127e781
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionContext.java
@@ -0,0 +1,103 @@
+/* SSLSessionContext.java -- collection of SSL sessions.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+
+/**
+ * A collection of saved SSL sessions, with thier corresponding session
+ * IDs.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+ /**
+ * Returns an enumeration of all saved session IDs. Every element in
+ * the returned enumeration is a byte array.
+ *
+ * @return The session IDs.
+ */
+ Enumeration getIds();
+
+ /**
+ * Gets the session specified by its ID, or <code>null</code> if there
+ * is no session, or if it has expired.
+ *
+ * @param sessionId The ID of the session to get.
+ * @return The session, or <code>null</code>.
+ */
+ SSLSession getSession(byte[] sessionId);
+
+ /**
+ * Returns the maximum number of sessions that may be cached by this
+ * session context.
+ *
+ * @return The maximum number of sessions that may be cached.
+ */
+ int getSessionCacheSize();
+
+ /**
+ * Returns the period of time (in seconds) that a session may be cached
+ * for before becoming invalid.
+ *
+ * @return The time a session may be valid.
+ */
+ int getSessionTimeout();
+
+ /**
+ * Sets the maximum number of sessions that may be cached by this
+ * session context. A cache size of 0 means no limit.
+ *
+ * @param size The new cache size.
+ * @throws IllegalArgumentException If <code>size</code> is negative.
+ */
+ void setSessionCacheSize(int size);
+
+ /**
+ * Sets the period of time (in seconds) that a session may be cached
+ * for before becoming invalid. A timeout of 0 means that sessions
+ * never expire.
+ *
+ * @param seconds The new timeout.
+ * @throws IllegalArgumentException If <code>seconds</code> is negative.
+ */
+ void setSessionTimeout(int seconds);
+}
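Review bot: The Javadoc for `setSessionCacheSize` and `setSessionTimeout` documents 0 as "no limit" and "never expire" but does not say what those settings mean together. With both at 0, saved sessions and their resumable key material would stay in memory for the life of the context. I would add a sentence to each, for example `A server should normally set a finite value so that cached sessions are eventually discarded.` The `getIds` Javadoc also leaves open whether the returned byte arrays are copies or the context's own arrays; it is worth stating which, since a caller could otherwise modify a stored ID.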
diff --git a/libjava/classpath/javax/net/ssl/SSLSocket.java b/libjava/classpath/javax/net/ssl/SSLSocket.java
new file mode 100644
index 000000000..32a2b5f17
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,229 @@
+/* SSLSocket.java -- an SSL client socket.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A socket that communicates over the secure socket layer protocol.
+ */
+public abstract class SSLSocket extends Socket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLSocket()
+ {
+ super();
+ }
+
+ protected SSLSocket(String host, int port)
+ throws IOException, UnknownHostException
+ {
+ super(host, port);
+ }
+
+ protected SSLSocket(InetAddress address, int port) throws IOException
+ {
+ super(address, port);
+ }
+
+ protected SSLSocket(String host, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException, UnknownHostException
+ {
+ super(host, port, localAddr, localPort);
+ }
+
+ protected SSLSocket(InetAddress address, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException
+ {
+ super(address, port, localAddr, localPort);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Adds a handshake completed listener that wants to be notified when the
+ * SSL handshake completes.
+ *
+ * @param listener The listener to add.
+ */
+ public abstract void
+ addHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Removes a handshake listener from this socket.
+ *
+ * @param listener The listener to remove.
+ */
+ public abstract void
+ removeHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Returns the list of currently enabled cipher suites.
+ *
+ * @return The list of enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list of enabled cipher suites.
+ *
+ * @param suites The list of suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled SSL protocols.
+ *
+ * @return The list of enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled SSL protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created by this socket, and thus
+ * allow sessions to be continued later.
+ *
+ * @return Whether or not sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created by this socket.
+ *
+ * @param enable The new value.
+ */
+ public abstract void setEnableSessionCreation(boolean enable);
+
+ /**
+ * Returns whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return Whether or not this socket requires client authentication.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Sets whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns this socket's session object.
+ *
+ * @return The session.
+ */
+ public abstract SSLSession getSession();
+
+ /**
+ * Returns the list of cipher suites supported by this socket.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns the list of protocols supported by this socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+
+ /**
+ * Returns whether or not this socket will connect in client mode.
+ *
+ * @return True if this is a client socket.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not this socket will connect in client mode.
+ *
+ * @param clientMode The new value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return The want client auth value.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Explicitly begins the handshake, or, if the handshake has already
+ * completed, requests that the handshake be repeated.
+ *
+ * <p>The handshake will begin implicitly when any attempt to read or
+ * write to the socket is made.</p>
+ *
+ * @throws IOException If an I/O or SSL error occurs.
+ */
+ public abstract void startHandshake() throws IOException;
+}
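Review bot: The Javadoc for `setEnabledCipherSuites` and `setEnabledProtocols` does not say what happens when the array is null or names something not returned by `getSupportedCipherSuites()` / `getSupportedProtocols()`. Callers that narrow the enabled list for hardening need to know whether a bad name is rejected or silently ignored. I would add `@throws IllegalArgumentException If <code>suites</code> is null or names an unsupported suite.` and the matching line for protocols, after confirming that this is what the concrete implementation does. The `setNeedClientAuth` and `setWantClientAuth` comments also do not state how the two flags interact, for example whether setting one clears the other. That decides whether an unauthenticated client can still complete the handshake.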
diff --git a/libjava/classpath/javax/net/ssl/SSLSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 000000000..2cfb49207
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
@@ -0,0 +1,250 @@
+/* SSLSocketFactory.java -- factory for SSL client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.SocketFactory;
+
+/**
+ * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * sockets.
+ */
+public abstract class SSLSocketFactory extends SocketFactory
+{
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SSLSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.SocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of socket factories.</p>
+ *
+ * @return The default socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.SocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (SocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ return new ErrorSocketFactory(new RuntimeException(
+ "error instantiating default socket factory: " + ex.toString(),
+ ex));
+ }
+ }
+ try
+ {
+ return context.getSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ return new ErrorSocketFactory(new RuntimeException(
+ "no SSLSocketFactory implementation available"));
+ }
+
+ private static final class ErrorSocketFactory extends SSLSocketFactory
+ {
+ private RuntimeException x;
+
+ ErrorSocketFactory(RuntimeException x)
+ {
+ this.x = x;
+ }
+
+ public Socket createSocket() throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public Socket createSocket(String host, int port)
+ throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public Socket createSocket(String host, int port, InetAddress localHost,
+ int localPort)
+ throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public Socket createSocket(InetAddress host, int port) throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public Socket createSocket(InetAddress hast, int port, InetAddress localHost,
+ int localPort)
+ throws IOException
+ {
+ throw (IOException) new IOException().initCause(x);
+ }
+
+ public String[] getDefaultCipherSuites()
+ {
+ throw new RuntimeException(x);
+ }
+
+ public String[] getSupportedCipherSuites()
+ {
+ throw new RuntimeException(x);
+ }
+
+ public Socket createSocket(Socket s, String host, int port,
+ boolean autoClose)
+ throws IOException
+ {
+ throw new RuntimeException(x);
+ }
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a SSL socket wrapped around an existing socket.
+ *
+ * @param socket The socket to wrap.
+ * @param host The host the socket is connected to.
+ * @param port The port the socket is connected to.
+ * @param autoClose Whether or not the wrapped socket should be closed
+ * automatically.
+ * @return The new SSL socket.
+ * @throws IOException If the socket could not be created.
+ */
+ public abstract Socket createSocket(Socket socket, String host,
+ int port, boolean autoClose)
+ throws IOException;
+
+ /**
+ * Returns the list of cipher suites that will be enabled in sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
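Review bot: In `getDefault()`, the empty `catch (Exception e) { }` after `cl.loadClass(s).newInstance()` means a configured "ssl.SocketFactory.provider" class that cannot be loaded or instantiated is silently replaced by the built-in default. Returning the error factory from that catch would surface the misconfiguration, for example `return new ErrorSocketFactory(new RuntimeException("cannot instantiate ssl.SocketFactory.provider", e));`. The empty catch around `tmf.init((KeyStore) null)` has a similar effect: `tm` stays null and is passed to `context.init(km, tm, null)`, so a failure to build the trust managers is never reported. Separately, the default context is requested with `SSLContext.getInstance("SSLv3")`. Unless the provider maps that name to a context that also negotiates TLS, the default factory is tied to a protocol version that is no longer considered safe, and `"TLS"` would presumably be the better name if the provider registers it.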
diff --git a/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
new file mode 100644
index 000000000..abf1a7f22
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
@@ -0,0 +1,51 @@
+/* TrivialHostnameVerifier.java -- non-verifing verifier.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A hostname verifier that always rejects mismatched hostnames.
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return false;
+ }
+}
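Review bot: The file header describes this class as a "non-verifing verifier", which reads as though it accepts any host, whereas `verify` returns `false` unconditionally and so rejects every hostname it is asked about. The class comment ("always rejects mismatched hostnames") is the accurate one. I would align the header with it and add a method comment such as `// Fail closed: never accept a hostname that the default check did not match.` so that nobody later "fixes" the return value to `true`. Where this verifier is installed as a default is not visible in this hunk.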
diff --git a/libjava/classpath/javax/net/ssl/TrustManager.java b/libjava/classpath/javax/net/ssl/TrustManager.java
new file mode 100644
index 000000000..3bded8b56
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManager.java
@@ -0,0 +1,47 @@
+/* TrustManager.java -- marker interface for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that establish the trust of remote
+ * hosts.
+ */
+public interface TrustManager
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactory.java b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
new file mode 100644
index 000000000..e08501a7b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
@@ -0,0 +1,287 @@
+/* TrustManagerFactory.java -- factory for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * A factory for creating trust manager objects.
+ */
+public class TrustManagerFactory
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ /** The service name for trust manager factories. */
+ private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine class. */
+ private final TrustManagerFactorySpi tmfSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The name of this trust manager algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new trust manager factory.
+ *
+ * @param tmfSpi The underlying engine class.
+ * @param provider The provider of the engine class.
+ * @param algorithm The trust manager algorithm name.
+ */
+ protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.tmfSpi = tmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm from
+ * the first provider that implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm from
+ * the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws NoSuchProviderException If there is no such named provider.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm from
+ * the specified provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ StringBuilder sb = new StringBuilder("TrustManagerFactory algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider);
+ return new TrustManagerFactory((TrustManagerFactorySpi) spi,
+ provider,
+ algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the default algorithm for trust manager factories. The value
+ * returned is either the value of the security property
+ * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509"
+ * if not.
+ *
+ * @return The default algorithm name.
+ * @see Security.getProperty(java.lang.String)
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.TrustManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the name of this trust manager algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ public final TrustManager[] getTrustManagers()
+ {
+ return tmfSpi.engineGetTrustManagers();
+ }
+
+ /**
+ * Initialize this instance with some algorithm-specific parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ tmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store. The key store may be null,
+ * in which case a default will be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If there is a problem reading from the
+ * key store.
+ */
+ public final void init(KeyStore store) throws KeyStoreException
+ {
+ tmfSpi.engineInit(store);
+ }
+}
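Review bot: `getDefaultAlgorithm()` reads the security property "ssl.TrustManagerFactory.algorithm", but the `SSLSocketFactory.getDefault()` Javadoc in this same commit tells users to set "ssl.trustManagerFactory.algorithm". The two names differ in case, so if property lookup is case-sensitive, an administrator following that Javadoc would silently get the built-in "JessieX509" default. One of the two spellings should be corrected, and the Javadoc here could note that the name is matched exactly. The tag `@see Security.getProperty(java.lang.String)` is also not valid Javadoc link syntax and should be `@see Security#getProperty(java.lang.String)`. Finally, `getInstance(String)` documents an `IllegalArgumentException` for a null or empty algorithm but has no check of its own, so with an empty provider list it would throw `NoSuchAlgorithmException` instead.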
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
new file mode 100644
index 000000000..3706674d4
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
@@ -0,0 +1,88 @@
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public TrustManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Engine method that returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ protected abstract TrustManager[] engineGetTrustManagers();
+
+ /**
+ * Engine method that initializes this factory with some algorithm-specific
+ * parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the given parameters are
+ * inappropriate.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method that initializes this factory with a key store. The key
+ * store parameter may be null, in which case some default should be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If a problem occurs reading from the key store.
+ */
+ protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
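Review bot: The Javadoc on `engineGetTrustManagers` does not say what a provider must do when it is called before either `engineInit` overload. `TrustManagerFactory.getTrustManagers()` earlier in this diff forwards straight to it with no state check of its own, so the behaviour of an uninitialized factory is left entirely to each provider. I would add `@throws IllegalStateException If the factory has not been initialized.` so that an implementation cannot silently hand back an empty or default set of trust managers. The public constructor also has no Javadoc; `/** Creates a new trust manager factory SPI instance. */` would match the rest of the file.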
diff --git a/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java b/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java
new file mode 100644
index 000000000..0e7c4d484
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java
@@ -0,0 +1,96 @@
+/* X509ExtendedKeyManager.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+
+/**
+ * An extended {@link X509KeyManager} for use with {@link SSLEngine}.
+ *
+ * @since 1.5
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public abstract class X509ExtendedKeyManager implements X509KeyManager
+{
+
+ /**
+ * Default constructor.
+ */
+ protected X509ExtendedKeyManager ()
+ {
+ }
+
+ /**
+ * Return a client alias given a list of key types, a list of
+ * allowable issuers, and the SSLEngine being used.
+ *
+ * <p>This implementation always returns <code>null</code>.
+ *
+ * @param keyTypes The list of desired key types.
+ * @param issuers The list of desired key issuers.
+ * @param engine This client's SSLEngine.
+ * @return A key alias that matches the given parameters, or
+ * <code>null</code> if the parameters were not matched.
+ */
+ public String chooseEngineClientAlias (final String[] keyTypes,
+ final Principal[] issuers,
+ final SSLEngine engine)
+ {
+ return null;
+ }
+
+ /**
+ * Return a server alias given a key type, a list of allowable
+ * issuers, and the SSLEngine being used.
+ *
+ * <p>This implementation always returns <code>null</code>.
+ *
+ * @param keyType The desired key type.
+ * @param issuers The list of desired key issuers.
+ * @param engine The server's SSLEngine.
+ * @return A key alias that matches the given parameters, or
+ * <code>null</code> if the parameters were not matched.
+ */
+ public String chooseEngineServerAlias (final String keyType,
+ final Principal[] issuers,
+ final SSLEngine engine)
+ {
+ return null;
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/X509KeyManager.java b/libjava/classpath/javax/net/ssl/X509KeyManager.java
new file mode 100644
index 000000000..6fb6b40bc
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509KeyManager.java
@@ -0,0 +1,108 @@
+/* X509KeyManager.java -- X.509 key manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+ /**
+ * Choose an alias for client-side authentication.
+ *
+ * @param keyTypes A list of acceptable key types.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Choose an alias for server-side authentication.
+ *
+ * @param keyType The desired certificate type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Gets the X.509 certificate chain associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The certificate chain.
+ */
+ X509Certificate[] getCertificateChain(String alias);
+
+ /**
+ * Returns all client aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getClientAliases(String keyType, Principal[] issuers);
+
+ /**
+ * Gets the private key associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The private key.
+ */
+ PrivateKey getPrivateKey(String alias);
+
+ /**
+ * Returns all server aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getServerAliases(String keyType, Principal[] issuers);
+}
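Review bot: The `@return` tags on `chooseClientAlias`, `chooseServerAlias`, `getCertificateChain` and `getPrivateKey` do not say what comes back when nothing matches or the alias is unknown. X509ExtendedKeyManager in this same commit documents `null` for its equivalent methods, so the two files disagree on how explicit the contract is. I would write `@return The chosen alias, or <code>null</code> if no alias matches.` on the two choose methods and `@return The private key, or <code>null</code> if the alias is not found.` on `getPrivateKey`, with the same wording for the certificate chain. It is also worth stating on `@param issuers` and `@param socket` whether `null` is accepted, since callers otherwise have to guess.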
diff --git a/libjava/classpath/javax/net/ssl/X509TrustManager.java b/libjava/classpath/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 000000000..97daaf046
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,76 @@
+/* X509TrustManager.java -- X.509 trust manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+ /**
+ * Checks if a certificate chain sent by the client is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the client's certificates are not trusted.
+ */
+ void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Checks if a certificate chain sent by the server is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the server's certificates are not trusted.
+ */
+ void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Returns the list of trusted issuer certificates currently in use.
+ *
+ * @return The list of trusted issuer certificates.
+ */
+ X509Certificate[] getAcceptedIssuers();
+}
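Review bot: The Javadoc for `checkClientTrusted` and `checkServerTrusted` never states that returning normally is the only signal of trust, nor what an implementation must do with a null or empty `chain` or `authType`. Both methods are `void`, so an implementation whose body does nothing accepts every chain. The comment should spell this out, for example `Returns normally only if a certification path from the chain to a trusted issuer was validated for the given authType.` together with `@throws IllegalArgumentException If chain is null or empty, or authType is null or empty.` On `getAcceptedIssuers` I would tighten the tag to `@return A non-null (possibly empty) array of trusted issuer certificates.`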
diff --git a/libjava/classpath/javax/net/ssl/package.html b/libjava/classpath/javax/net/ssl/package.html
new file mode 100644
index 000000000..abc6f0591
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.net.ssl package.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.net.ssl</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>