author | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
---|---|---|
committer | upstream source tree <ports@midipix.org> | 2015-03-15 20:14:05 -0400 |
commit | 554fd8c5195424bdbcabf5de30fdc183aba391bd (patch) | |
tree | 976dc5ab7fddf506dadce60ae936f43f58787092 /libjava/classpath/javax/net/ssl | |
download | cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.bz2 cbb-gcc-4.6.4-554fd8c5195424bdbcabf5de30fdc183aba391bd.tar.xz |
obtained gcc-4.6.4.tar.bz2 from upstream website;upstream
verified gcc-4.6.4.tar.bz2.sig;
imported gcc-4.6.4 source tree from verified upstream tarball.
downloading a git-generated archive based on the 'upstream' tag
should provide you with a source tree that is binary identical
to the one extracted from the above tarball.
if you have obtained the source via the command 'git clone',
however, do note that line-endings of files in your working
directory might differ from line-endings of the respective
files in the upstream repository.
Diffstat (limited to 'libjava/classpath/javax/net/ssl')
36 files changed, 4852 insertions, 0 deletions
diff --git a/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java b/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java
new file mode 100644
index 000000000..c23d65490
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/CertPathTrustManagerParameters.java
@@ -0,0 +1,71 @@
+/* CertPathTrustManagerParameters.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertPathParameters;
+
+/**
+ * Trust manager parameters for certification paths.
+ */
+public class CertPathTrustManagerParameters implements ManagerFactoryParameters
+{
+ private final CertPathParameters params;
+
+ /**
+ * Creates a new trust manager parameter instance. The argument is
+ * cloned to prevent modification of this instance.
+ *
+ * @param params The certificate path parameters.
+ * @throws NullPointerException If params is null.
+ */
+ public CertPathTrustManagerParameters (final CertPathParameters params)
+ {
+ this.params = (CertPathParameters) params.clone ();
+ }
+
+ /**
+ * Returns a copy of the certificate path parameters.
+ *
+ * @return A copy of the certificate path parameters.
+ */
+ public CertPathParameters getParameters ()
+ {
+ return (CertPathParameters) params.clone ();
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 000000000..b65dff06c
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
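Review bot: In `CertPathTrustManagerParameters`, both the constructor and `getParameters()` rely on `params.clone()` for the defensive copy, so the isolation the Javadoc promises holds only if the supplied `CertPathParameters` implementation clones itself properly. `CertPathParameters` is an interface, and an implementation whose `clone()` returns `this` or a shared object would leave the stored parameters open to later modification by the caller. The code probably cannot do better without knowing the concrete type, so I would state the assumption in the constructor comment, e.g. `The copy is made with params.clone(), so it is only as independent as that implementation's clone() makes it.`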
@@ -0,0 +1,183 @@
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+import java.security.cert.Certificate;
+
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+ // Fields.
+ // -------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 7914963744257769778L;
+
+ /** The session. */
+ private final transient SSLSession session;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new handshake completed event.
+ *
+ * @param socket The socket (also the source) creating this event.
+ * @param session The associated session object.
+ * @throws NullPointerException If <i>session</i> is null.
+ */
+ public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+ {
+ super(socket);
+ if (session == null)
+ throw new NullPointerException();
+ this.session = session;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name of the cipher that was negotiated in this
+ * connection.
+ *
+ * @return The negotiated cipher name.
+ */
+ public String getCipherSuite()
+ {
+ if (session != null)
+ return session.getCipherSuite();
+ return null;
+ }
+
+ /**
+ * Returns the local certificates being used in this connection.
+ *
+ * @return The local certificates.
+ */
+ public Certificate[] getLocalCertificates()
+ {
+ if (session != null)
+ return session.getLocalCertificates();
+ return null;
+ }
+
+ /**
+ * Returns the local identity used in this connection, or
+ * <code>null</code> if there is none.
+ *
+ * @return The local identity.
+ * @since 1.5
+ */
+ public Principal getLocalPrincipal ()
+ {
+ if (session != null)
+ return session.getLocalPrincipal ();
+ return null;
+ }
+
+ /**
+ * Returns the peer's certificates being used in this connection.
+ *
+ * @return The peer's certificates.
+ * @throws SSLPeerUnverifiedException If the peer has not been
+ * verified.
+ */
+ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificates();
+ return null;
+ }
+
+ public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificateChain();
+ return null;
+ }
+
+ /**
+ * Returns the peer's identity, or <code>null</code> if there is
+ * none.
+ *
+ * @return The peer's identity.
+ * @throws SSLPeerUnverifiedException If the remote peer's identity
+ * could not be verified.
+ * @since 1.5
+ */
+ public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerPrincipal ();
+ return null;
+ }
+
+ /**
+ * Returns the SSL session object associated with this connection.
+ *
+ * @return The session object.
+ */
+ public SSLSession getSession()
+ {
+ return session;
+ }
+
+ /**
+ * Returns the socket over which this connection is being
+ * negotiated. This method is equivalent to the {@link
+ * java.util.EventObject#getSource()} method.
+ *
+ * @return The socket.
+ */
+ public SSLSocket getSocket()
+ {
+ return (SSLSocket) getSource();
+ }
+}
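Review bot: In `HandshakeCompletedEvent`, the peer-identity getters `getPeerCertificates`, `getPeerCertificateChain` and `getPeerPrincipal` return `null` when `session` is null, and their Javadoc does not say so. The constructor rejects a null session, so the only visible way into that branch is a deserialized event, because the field is `transient`. A listener that reads "no `SSLPeerUnverifiedException` was thrown" as "the peer was verified" would then accept a `null` result as success. Either document it on each getter, e.g. `@return The peer's certificates, or <code>null</code> if this event carries no session (for example after deserialization).`, or throw `SSLPeerUnverifiedException` in that branch. `getPeerCertificateChain` also has no Javadoc at all, and a comment there should say that it returns the legacy `javax.security.cert.X509Certificate` type.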
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 000000000..98584f290
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,57 @@
+/* HandshakeCompletedListener.java -- listens for handshake events.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+ /**
+ * Called when the handshake phase of the SSL protocol completes.
+ *
+ * @param event The event describing the new connection.
+ */
+ void handshakeCompleted(HandshakeCompletedEvent event);
+}
diff --git a/libjava/classpath/javax/net/ssl/HostnameVerifier.java b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 000000000..4b0465678
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,64 @@
+/* HostnameVerifier.java -- verifies disparate hostnames.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+ /**
+ * Verifies a hostname given a particular SSL session. This method
+ * should return <code>true</code> if the hostname is an accepted
+ * alias for the hostname negotiated in the SSL handshake.
+ *
+ * @param hostname The hostname in question.
+ * @param session The current SSL session.
+ * @return <code>true</code> if the hostname is acceptable.
+ */
+ boolean verify(String hostname, SSLSession session);
+}
diff --git a/libjava/classpath/javax/net/ssl/HttpsURLConnection.java b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
new file mode 100644
index 000000000..c02cb9e7b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
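Review bot: The Javadoc on `HostnameVerifier.verify` says when to return `true` but never states that every other case must return `false`. According to the interface comment, this callback is consulted when the hostname used to open the connection does not match the one from the handshake, so an implementation that returns `true` unconditionally removes the last hostname check on that connection. I would add to the method comment: `Implementations must return <code>false</code> unless the hostname is positively known to belong to the peer authenticated in <i>session</i>.`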
@@ -0,0 +1,324 @@
+/* HttpsURLConnection.java -- an HTTPS connection.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+ // Fields.
+ // ------------------------------------------------------------------
+
+ /**
+ * The default verifier.
+ * This is lazily initialized as required.
+ * @see #getDefaultHostnameVerifier
+ */
+ private static HostnameVerifier defaultVerifier;
+
+ /**
+ * The default factory.
+ * This is lazily initialized as required.
+ * @see #getDefaultSSLSocketFactory
+ */
+ private static SSLSocketFactory defaultFactory;
+
+ /**
+ * The hostname verifier used for this connection.
+ */
+ protected HostnameVerifier hostnameVerifier;
+
+ /**
+ * This connection's socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Creates a new HTTPS URL connection.
+ *
+ * @param url The URL of the connection being established.
+ * @specnote This was marked as throwing IOException in 1.4,
+ * but this was removed in 1.5.
+ */
+ protected HttpsURLConnection(URL url)
+ {
+ super(url);
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the default hostname verifier used in all new
+ * connections.
+ * If the default verifier has not been set, a new default one will be
+ * provided by this method.
+ *
+ * @return The default hostname verifier.
+ */
+ public static synchronized HostnameVerifier getDefaultHostnameVerifier()
+ {
+ if (defaultVerifier == null)
+ {
+ defaultVerifier = new TrivialHostnameVerifier();
+ }
+ return defaultVerifier;
+ }
+
+ /**
+ * Sets the default hostname verifier to be used in all new
+ * connections.
+ *
+ * @param newDefault The new default hostname verifier.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * currently installed and the caller does not have the {@link
+ * SSLPermission} "setHostnameVerifier".
+ */
+ public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default verifier cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+ synchronized (HttpsURLConnection.class)
+ {
+ defaultVerifier = newDefault;
+ }
+ }
+
+ /**
+ * Returns the default SSL socket factory used in all new
+ * connections.
+ * If the default SSL socket factory has not been set, a new default one
+ * will be provided by this method.
+ *
+ * @return The default SSL socket factory.
+ */
+ public static synchronized SSLSocketFactory getDefaultSSLSocketFactory()
+ {
+ if (defaultFactory == null)
+ {
+ try
+ {
+ defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+ return defaultFactory;
+ }
+
+ /**
+ * Sets the default SSL socket factory to be used in all new
+ * connections.
+ *
+ * @param newDefault The new socket factory.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * installed and a call to {@link
+ * SecurityManager#checkSetFactory()} fails.
+ */
+ public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default factory cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSetFactory();
+ synchronized (HttpsURLConnection.class)
+ {
+ defaultFactory = newDefault;
+ }
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the current hostname verifier for this instance.
+ *
+ * @return The hostname verifier.
+ */
+ public HostnameVerifier getHostnameVerifier()
+ {
+ if (hostnameVerifier == null)
+ {
+ hostnameVerifier = getDefaultHostnameVerifier();
+ }
+ return hostnameVerifier;
+ }
+
+ /**
+ * Sets the hostname verifier for this instance.
+ *
+ * @param hostnameVerifier The new verifier.
+ * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+ * null.
+ */
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+ {
+ if (hostnameVerifier == null)
+ throw new IllegalArgumentException("verifier cannot be null");
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ /**
+ * Returns the current SSL socket factory for this instance.
+ *
+ * @return The current SSL socket factory.
+ */
+ public SSLSocketFactory getSSLSocketFactory()
+ {
+ if (factory == null)
+ {
+ factory = getDefaultSSLSocketFactory();
+ }
+ return factory;
+ }
+
+ /**
+ * Sets the SSL socket factory for this instance.
+ *
+ * @param factory The new factory.
+ * @throws IllegalArgumentException If <i>factory</i> is null.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory)
+ {
+ if (factory == null)
+ throw new IllegalArgumentException("factory cannot be null");
+ this.factory = factory;
+ }
+
+ /**
+ * Returns the local principal for this connection.
+ *
+ * <p>The default implementation will return the {@link
+ * javax.security.x500.X500Principal} for the end entity certificate
+ * in the local certificate chain if those certificates are of type
+ * {@link java.security.cert.X509Certificate}. Otherwise, this
+ * method returns <code>null</code>.
+ *
+ * @return The local principal.
+ * @since 1.5
+ */
+ public Principal getLocalPrincipal ()
+ {
+ Certificate[] c = getLocalCertificates ();
+ if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+ return ((X509Certificate) c[0]).getSubjectX500Principal ();
+ return null;
+ }
+
+ /**
+ * Returns the remote peer's principal for this connection.
+ *
+ * <p>The default implementation will return the {@link
+ * javax.security.x500.X500Principal} for the end entity certificate
+ * in the remote peer's certificate chain if those certificates are
+ * of type {@link java.security.cert.X509Certificate}. Otherwise,
+ * this method returns <code>null</code>.
+ *
+ * @return The remote principal.
+ * @throws SSLPeerUnverifiedException If the remote peer has not
+ * been verified.
+ * @since 1.5
+ */
+ public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+ {
+ Certificate[] c = getServerCertificates ();
+ if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+ return ((X509Certificate) c[0]).getSubjectX500Principal ();
+ return null;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the cipher name negotiated for this connection.
+ *
+ * @return The cipher name.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract String getCipherSuite();
+
+ /**
+ * Returns the certificates used on the local side in this
+ * connection.
+ *
+ * @return The local certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the certificates sent by the other party.
+ *
+ * @return The peer's certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ * @throws SSLPeerUnverifiedException If the peer could not be
+ * verified.
+ */
+ public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManager.java b/libjava/classpath/javax/net/ssl/KeyManager.java
new file mode 100644
index 000000000..688faa5d5
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManager.java
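Review bot: In `HttpsURLConnection.getDefaultSSLSocketFactory`, the `catch (Throwable t)` block only prints the stack trace, so the method then returns `defaultFactory` while it is still `null`, although its Javadoc promises that a default factory "will be provided". `getSSLSocketFactory()` copies that `null` into the instance field, so the failure surfaces later and away from its cause, and the broad catch also hides `Error`s. Letting the failure propagate is simpler: drop the try/catch and keep only `defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();` (whether `getDefault()` can throw is not visible in this hunk). Separately, `getDefaultHostnameVerifier` installs a `TrivialHostnameVerifier` that is defined outside this hunk, so its Javadoc should say whether that default accepts or rejects a mismatched hostname. The two `{@link javax.security.x500.X500Principal}` references look like they should read `javax.security.auth.x500.X500Principal`.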
@@ -0,0 +1,51 @@
+/* KeyManager.java -- marker interface for key manager classes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactory.java b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
new file mode 100644
index 000000000..d9519512a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
@@ -0,0 +1,294 @@
+/* KeyManagerFactory.java -- factory for key managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** The service name for key manager factories. */
+ private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine. */
+ private final KeyManagerFactorySpi kmfSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The name of this algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new key manager factory.
+ *
+ * @param kmfSpi The underlying engine.
+ * @param provider The engine's provider.
+ * @param algorithm The name of this algorithm.
+ */
+ protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.kmfSpi = kmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get the default algorithm name. 
This value may be specified at
+ * run-time via the security property
+ * "ssl.KeyManagerFactory.algorithm". If this property is
+ * not specified, this method returns "JessieX509".
+ *
+ * @return The default key manager factory algorithm's name.
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the first
+ * provider that implements it.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @return An appropriate implementation of that algoritm.
+ * @throws NoSuchAlgorithmException If no provider implements the requested
+ * algorithm.
+ * @throws IllegalArgumentException if <code>algorithm</code> is
+ * <code>null</code> or is an empty string.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(algorithm, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the named
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The name of the provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * requested algorithm. 
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Create an instance of the named key manager factory, from the given
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * requested algorithm.
+ * @throws IllegalArgumentException if either <code>algorithm</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>algorithm</code> is an empty string. 
+ */
+ public static final KeyManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ StringBuilder sb = new StringBuilder("KeyManagerFactory algorithm [")
+ .append(algorithm).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider);
+ return new KeyManagerFactory((KeyManagerFactorySpi) spi, provider, algorithm);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Returns the name of this key manager factory algorithm.
+ *
+ * @return The name of this key manager factory algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get an array of key managers appropriate for this algorithm, with
+ * the most preferred manager first.
+ *
+ * @return The array of key managers.
+ */
+ public final KeyManager[] getKeyManagers()
+ {
+ return kmfSpi.engineGetKeyManagers();
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this instance with an implementation-dependent
+ * parameter object.
+ *
+ * @param params The parameters to initialize with.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ kmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store and a password for
+ * private key entries. 
+ *
+ * @param store The key store to read.
+ * @param passwd The password protecting private keys in the store.
+ * @throws KeyStoreException If an error occurs reading the keys.
+ * @throws NoSuchAlgorithmException If an algorithm (such as a
+ * certificate algorithm) is not available.
+ * @throws UnrecoverableKeyException If the password is incorrect.
+ */
+ public final void init(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ kmfSpi.engineInit(store, passwd);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java
new file mode 100644
index 000000000..a74bcee3a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java 
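Review bot: The empty `catch (SecurityException se) { }` in `getDefaultAlgorithm()` hides a failed read of the `ssl.KeyManagerFactory.algorithm` security property, so a deployment that selects its key manager algorithm through that property silently gets `JessieX509` instead. If the fallback is intended, say so in the handler, e.g. `// Deliberately ignored: fall back to DEFAULT_ALGORITHM if the property is unreadable.` The field comment on `DEFAULT_ALGORITHM` also reads "trust manager" where this class deals with key managers; `/** The system default key manager algorithm. */` would match. The Javadoc of the three `getInstance` overloads promises `IllegalArgumentException` for a null or empty `algorithm`, but no such check is visible here, so it presumably relies on `Engine.getInstance`, which this hunk does not show.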
@@ -0,0 +1,102 @@
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public KeyManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Engine method for retrieving this factory's key managers.
+ *
+ * @return The key managers.
+ */
+ protected abstract KeyManager[] engineGetKeyManagers();
+
+ /**
+ * Engine method for initializing this factory with some
+ * algorithm-specific parameters.
+ *
+ * @param params The factory parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method for initializing this factory with a key store and a
+ * password for private keys. Either parameter may be <code>null</code>,
+ * in which case some default parameters (possibly derived from system
+ * properties) should be used.
+ *
+ * @param store The key store.
+ * @param passwd The private key password.
+ * @throws KeyStoreException If the key store cannot be accessed.
+ * @throws NoSuchAlgorithmException If some of the data from the key
+ * store cannot be retrieved.
+ * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+ * likely from a wrong password. 
+ */
+ protected abstract void engineInit(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java b/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java
new file mode 100644
index 000000000..26b61428f
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyStoreBuilderParameters.java 
@@ -0,0 +1,48 @@
+/* KeyStoreBuilderParameters.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * <p style="color: red;"><b>FIXME</b> this class is currently a stub;
+ * it depends on an implementation of {@link
+ * java.security.KeyStore.Builder}</p>. 
+ */
+public class KeyStoreBuilderParameters implements ManagerFactoryParameters
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java
new file mode 100644
index 000000000..59c921509
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java 
@@ -0,0 +1,50 @@
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLContext.java b/libjava/classpath/javax/net/ssl/SSLContext.java
new file mode 100644
index 000000000..9a6e9a5f0
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContext.java 
@@ -0,0 +1,293 @@
+/* SSLContext.java -- an SSL protocol context.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** Service name for SSL contexts. */
+ private static final String SSL_CONTEXT = "SSLContext";
+
+ /** The underlying engine. */
+ private final SSLContextSpi ctxSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The protocal name. */
+ private final String protocol;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new SSL context.
+ *
+ * @param ctxSpi The context engine.
+ * @param provider The provider of the implementation.
+ * @param protocol The name of the SSL protocol.
+ */
+ protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+ String protocol)
+ {
+ this.ctxSpi = ctxSpi;
+ this.provider = provider;
+ this.protocol = protocol;
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the first
+ * provider that implements it.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * protocol.
+ * @throws IllegalArgumentException if <code>protocol</code> is
+ * <code>null</code> or is an empty string. 
+ */
+ public static final SSLContext getInstance(String protocol)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] p = Security.getProviders();
+ NoSuchAlgorithmException lastException = null;
+ for (int i = 0; i < p.length; i++)
+ try
+ {
+ return getInstance(protocol, p[i]);
+ }
+ catch (NoSuchAlgorithmException x)
+ {
+ lastException = x;
+ }
+ if (lastException != null)
+ throw lastException;
+ throw new NoSuchAlgorithmException(protocol);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the named
+ * provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given protocol.
+ * @throws NoSuchProviderException If the named provider does not exist.
+ * @throws IllegalArgumentException if either <code>protocol</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>protocol</code> is an empty string.
+ */
+ public static final SSLContext getInstance(String protocol, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider MUST NOT be null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(protocol, p);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the specified
+ * provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given protocol. 
+ * @throws IllegalArgumentException if either <code>protocol</code> or
+ * <code>provider</code> is <code>null</code>, or if
+ * <code>protocol</code> is an empty string.
+ */
+ public static final SSLContext getInstance(String protocol, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ StringBuilder sb = new StringBuilder("SSLContext for protocol [")
+ .append(protocol).append("] from provider[")
+ .append(provider).append("] could not be created");
+ Throwable cause;
+ try
+ {
+ Object spi = Engine.getInstance(SSL_CONTEXT, protocol, provider);
+ return new SSLContext((SSLContextSpi) spi, provider, protocol);
+ }
+ catch (InvocationTargetException x)
+ {
+ cause = x.getCause();
+ if (cause instanceof NoSuchAlgorithmException)
+ throw (NoSuchAlgorithmException) cause;
+ if (cause == null)
+ cause = x;
+ }
+ catch (ClassCastException x)
+ {
+ cause = x;
+ }
+ NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
+ x.initCause(cause);
+ throw x;
+ }
+
+ /**
+ * Creates a new {@link SSLEngine} for this context.
+ *
+ * @return The new SSLEngine.
+ * @since 1.5
+ */
+ public final SSLEngine createSSLEngine ()
+ {
+ return ctxSpi.engineCreateSSLEngine ();
+ }
+
+ /**
+ * Creates a new {@link SSLEngine} for this context, with a given
+ * host name and port number.
+ *
+ * @param host The local host name.
+ * @param port The local port number.
+ * @return The new SSLEngine.
+ * @since 1.5
+ */
+ public final SSLEngine createSSLEngine (final String host, final int port)
+ {
+ return ctxSpi.engineCreateSSLEngine (host, port);
+ }
+
+ /**
+ * Returns the set of SSL contexts available for client connections.
+ *
+ * @return The set of SSL contexts available for client connections.
+ */
+ public final SSLSessionContext getClientSessionContext()
+ {
+ return ctxSpi.engineGetClientSessionContext();
+ }
+
+ /**
+ * Returns the protocol name of this context.
+ *
+ * @return The protocol name of this context. 
+ */
+ public final String getProtocol()
+ {
+ return protocol;
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the set of SSL contexts available for server connections.
+ *
+ * @return The set of SSL contexts available for server connections.
+ */
+ public final SSLSessionContext getServerSessionContext()
+ {
+ return ctxSpi.engineGetServerSessionContext();
+ }
+
+ /**
+ * Returns the factory for server SSL sockets.
+ *
+ * @return The factory for server SSL sockets.
+ */
+ public final SSLServerSocketFactory getServerSocketFactory()
+ {
+ return ctxSpi.engineGetServerSocketFactory();
+ }
+
+ /**
+ * Returns the factory for client SSL sockets.
+ *
+ * @return The factory for client SSL sockets.
+ */
+ public final SSLSocketFactory getSocketFactory()
+ {
+ return ctxSpi.engineGetSocketFactory();
+ }
+
+ /**
+ * Initializes this context and prepares it for producing socket
+ * factories. All of the parameters are optional; default values are
+ * used if left unspecified.
+ *
+ * @param keyManagers The set of key managers to use.
+ * @param trustManagers The set of trust managers to use.
+ * @param random A source of random bits to use.
+ * @throws KeyManagementException If initialization fails.
+ */
+ public final void init(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException
+ {
+ ctxSpi.engineInit(keyManagers, trustManagers, random);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLContextSpi.java b/libjava/classpath/javax/net/ssl/SSLContextSpi.java
new file mode 100644
index 000000000..03c44f85e
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContextSpi.java 
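Review bot: The Javadoc of `createSSLEngine(String host, int port)` calls the arguments the local host name and local port number, while the `SSLEngine` constructor added in the same commit names and documents them as `peerHost` and `peerPort`. A caller following the doc would pass its own address, and any provider that uses these values as a hint about the remote endpoint (not visible in this hunk) would then be working from the wrong identity. I would change the tags to `@param host The peer's host name.` and `@param port The peer's port number.`; the same wording is on `engineCreateSSLEngine(String, int)` in the SSLContextSpi.java hunk. Separately, `getInstance(String, Provider)` documents `provider` as "The name of the provider" although it takes a `Provider` object.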
@@ -0,0 +1,131 @@
+/* SSLContextSpi.java -- SPI for SSL contexts.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. 
*/
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Create a new SSLContextSpi.
+ */
+ public SSLContextSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ // Sun, you've broken existing applications by introducing new
+ // abstract methods! Goodjob!!!
+
+ /**
+ * Returns a new {@link SSLEngine} for this context.
+ *
+ * @return A new SSLEngine.
+ * @since 1.5
+ */
+ protected abstract SSLEngine engineCreateSSLEngine ();
+
+ /**
+ * Returns a new {@link SSLEngine} for this context, for the given
+ * host name and port number.
+ *
+ * @param host The local host name.
+ * @param port The local port number.
+ * @return A new SSLEngine.
+ * @since 1.5
+ */
+ protected abstract SSLEngine engineCreateSSLEngine (String host, int port);
+
+ /**
+ * Returns the set of SSL sessions available for client connections.
+ *
+ * @return The set of SSL sessions available for client connections.
+ */
+ protected abstract SSLSessionContext engineGetClientSessionContext();
+
+ /**
+ * Returns the set of SSL sessions available for server connections.
+ *
+ * @return The set of SSL sessions available for server connections.
+ */
+ protected abstract SSLSessionContext engineGetServerSessionContext();
+
+ /**
+ * Returns the SSL server socket factory.
+ *
+ * @return The SSL server socket factory.
+ */
+ protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+ /**
+ * Returns the SSL client socket factory.
+ *
+ * @return The SSL client socket factory. 
+ */
+ protected abstract SSLSocketFactory engineGetSocketFactory();
+
+ /**
+ * Initialize this context with key and trust managers, and a source
+ * of randomness. All of the parameters are optional.
+ *
+ * @param keyManagers The set of key managers.
+ * @param trustManagers The set of trust managers.
+ * @param random The source of randomness.
+ * @throws KeyManagementException If this context cannot be
+ * initialized with these parameters.
+ */
+ protected abstract void engineInit(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException;
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLEngine.java b/libjava/classpath/javax/net/ssl/SSLEngine.java
new file mode 100644
index 000000000..2ba7bb636
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLEngine.java 
@@ -0,0 +1,442 @@
+/* SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.nio.ByteBuffer;
+
+/**
+ * A class for low-level message wrapping and unwrapping of SSL
+ * messages.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.5
+ */
+public abstract class SSLEngine
+{
+ private final String peerHost;
+ private final int peerPort;
+
+ /**
+ * Creates a new SSLEngine with no peer host name or port number.
+ */
+ protected SSLEngine ()
+ {
+ this (null, -1);
+ }
+
+ /**
+ * Creates a new SSLEngine with the specified peer host name and
+ * port number.
+ *
+ * @param peerHost The peer's host name.
+ * @param peerPort The peer's port number.
+ */
+ protected SSLEngine (String peerHost, int peerPort)
+ {
+ this.peerHost = peerHost;
+ this.peerPort = peerPort;
+ }
+
+
+
+ /**
+ * Begin, or restart, the SSL handshake.
+ *
+ * @throws SSLException
+ */
+ public abstract void beginHandshake () throws SSLException;
+
+ /**
+ * Close the inbound state.
+ *
+ * @throws SSLException
+ */
+ public abstract void closeInbound () throws SSLException;
+
+ /**
+ * Close the outbound state.
+ */
+ public abstract void closeOutbound ();
+
+ /**
+ *
+ */
+ public abstract Runnable getDelegatedTask ();
+
+ /**
+ * Returns the peer host name this SSL session is connected to, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The peer host's name.
+ */
+ public String getPeerHost ()
+ {
+ return peerHost;
+ }
+
+ /**
+ * Returns the peer IP port number this SSL session in communicating
+ * on, or -1 if this value was not set.
+ *
+ * @return The peer's port number.
+ */
+ public int getPeerPort ()
+ {
+ return peerPort;
+ }
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled cipher suite names.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled protocol names.
+ */
+ public abstract String[] getEnabledProtocols ();
+
+ /**
+ * Tells if sessions will be created by this engine, and therefore
+ * may be resumed at a later time.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Return the current handshake status.
+ *
+ * @return The current handshake status.
+ */
+ public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus ();
+
+ /**
+ * Tells if this SSLEngine is configured to require client
+ * authentication when in server mode.
+ *
+ * @return True iff client authentication is required.
+ */
+ public abstract boolean getNeedClientAuth ();
+
+ /**
+ * Return the {@link SSLSession} object this connection represents.
+ *
+ * @return The SSL session.
+ */
+ public abstract SSLSession getSession ();
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine
+ * implementation supports.
+ *
+ * @return The list of cipher suite names supported by this
+ * implementation.
+ */
+ public abstract String[] getSupportedCipherSuites ();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine
+ * implementation supports. SSL protocol names include things like
+ * "SSLv3" or "TLSv1".
+ *
+ * @return The list of SSL protocol names
+ */
+ public abstract String[] getSupportedProtocols ();
+
+ /**
+ * Tells if this SSLEngine is a "client" session.
+ *
+ * @return True iff this session is configured for client mode.
+ */
+ public abstract boolean getUseClientMode ();
+
+ /**
+ * Tells if client authentication is requested, but not required,
+ * for sessions in server mode. If true, a server session will
+ * request an authentication message from connecting clients, but
+ * will still allow clients to connect if they cannot be
+ * authenticated.
+ *
+ * @return True iff client authentication is requested.
+ */
+ public abstract boolean getWantClientAuth ();
+
+ /**
+ * Tells if the incoming data stream is finished, and thus if no
+ * more data will be available to be unwrapped.
+ *
+ * @return True if no more data is to be unwrapped.
+ */
+ public abstract boolean isInboundDone ();
+
+ /**
+ * Tells if the outgoing data stream is finished, and thus if no
+ * more data may be wrapped.
+ *
+ * @return True if no more data may be wrapped.
+ */
+ public abstract boolean isOutboundDone ();
+
+ /**
+ * Sets the list of enabled cipher suites. The argument is an array
+ * of strings of the canonical suite names.
+ *
+ * @param suites The cipher suites to enable.
+ * @throws IllegalArgumentException If any of the specified suite
+ * strings is not supported by this implementation, or if the
+ * argument is null.
+ */
+ public abstract void setEnabledCipherSuites (String[] suites);
+
+ /**
+ * Sets the list of enabled protocol versions. The argument is an
+ * array of strings of the canonical protocol version names, such as
+ * "TLSv1".
+ *
+ * @param protocols The protocol versions to enable.
+ * @throws IllegalArgumentException If any of the specified
+ * protocols are not supported, or if the argument is null.
+ */
+ public abstract void setEnabledProtocols (String[] protocols);
+
+ /**
+ * Enables or disables session creation. If enabled, each connection
+ * will create session that may be resumed by another connection.
+ *
+ * @param create Whether or not to enable session creation.
+ */
+ public abstract void setEnableSessionCreation (boolean create);
+
+ /**
+ * Enables client or server mode. If the argument is true, this
+ * engine will run in client mode; if false, server mode.
+ *
+ * @param clientMode Whether or not to use client mode.
+ */
+ public abstract void setUseClientMode (boolean clientMode);
+
+ /**
+ * Enables or disables required client authentication. If enabled,
+ * clients may only connect if they provide proper identification.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param needAuth Whether or not client authentication is required.
+ */
+ public abstract void setNeedClientAuth (boolean needAuth);
+
+ /**
+ * Enables or disables requested client authentication. If enabled,
+ * clients will be asked to provide proper identification, but will
+ * still be allowed to connect if they do not provide it.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param wantAuth Whether or not client authentication will be
+ * requested, but not required.
+ */
+ public abstract void setWantClientAuth (boolean wantAuth);
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffer.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source, new
+ * ByteBuffer[] { sink }, 0, 1)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sink The buffer to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is not
+ * writable.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return unwrap (source, new ByteBuffer[] { sink }, 0, 1);
+ }
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source,
+ * sinks, 0, sinks.length)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer[] sinks)
+ throws SSLException
+ {
+ return unwrap (source, sinks, 0, sinks.length);
+ }
+
+ /**
+ * Unwraps a byte buffer received from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers. After
+ * unwrapping, the bytes placed into the sink buffers are ready for
+ * consumption by the application.
+ *
+ * <p>This method may place no bytes in the destination buffer; for
+ * example, if this engine is still performing the SSL handshake,
+ * only handshake data will be consumed, and no application data.
+ *
+ * <p>It is stated that this method may modify the source buffer,
+ * and that it must not be passed to another SSLEngine (SSL
+ * connections are independent, so another SSLEngine will not have
+ * the parameters or state to handle messages meant for this
+ * engine).
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @param offset The index of the first buffer in 'sinks' to use.
+ * @param length The number of buffers in 'sinks' to use.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sinks.length'.
+ */
+ public abstract SSLEngineResult unwrap (ByteBuffer source,
+ ByteBuffer[] sinks, int offset,
+ int length)
+ throws javax.net.ssl.SSLException;
+
+ /**
+ * Wraps a byte buffer into an SSL message, for preparation to send
+ * it over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (new
+ * ByteBuffer[] { source }, 0, 1, sink)</code>.
+ *
+ * @param source The source buffer with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (new ByteBuffer[] { source }, 0, 1, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (sources, 0,
+ * 1, sink)</code>.
+ *
+ * @param sources The source buffers with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer[] sources, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (sources, 0, sources.length, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network. After wrapping, the data in the sink
+ * buffer is ready to be sent over the transport layer.
+ *
+ * <p>This method may consume no data from the source buffers, and
+ * yet still produce output that should be sent accross the wire;
+ * for example if this engine has not yet completed the SSL
+ * handshake, the sink buffer will be filled with handshake
+ * messages.
+ *
+ * @param sources The source buffers with application data.
+ * @param offset The offset into the source buffers to start reading
+ * application data.
+ * @param length The number of buffers to read from 'sources'.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sources.length'.
+ */
+ public abstract SSLEngineResult wrap (ByteBuffer[] sources, int offset,
+ int length, ByteBuffer sink)
+ throws SSLException;
+
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLEngineResult.java b/libjava/classpath/javax/net/ssl/SSLEngineResult.java
new file mode 100644
index 000000000..4d15258f3
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLEngineResult.java
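Review bot: The convenience overloads `unwrap (source, sinks)` and `wrap (sources, sink)` read `sinks.length` / `sources.length` before delegating, so a null array surfaces as a NullPointerException rather than the IllegalArgumentException their Javadoc promises. A guard such as `if (sinks == null) throw new IllegalArgumentException ("'sinks' may not be null");` in the first, and the matching check on `sources` in the second, would keep the documented contract that callers' error paths may depend on. The Javadoc of `wrap (ByteBuffer[] sources, ByteBuffer sink)` also states the call equals `wrap (sources, 0, 1, sink)` while the code passes `sources.length`; the comment should read `wrap (sources, 0, sources.length, sink)`. `getDelegatedTask ()` carries an empty doc comment and should at least say what the returned Runnable is and whether null can be returned.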
@@ -0,0 +1,194 @@ +/* SSLEngineResult.java -- + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.net.ssl; + +/** + * A result from an {@link SSLEngine} <code>wrap</code> or + * <code>unwrap</code> operation. 
This class conveys a possibly + * intermediate result, and may ask for more input data or request + * that output data be sent over a connection. + */ +public class SSLEngineResult +{ + private final HandshakeStatus handshakeStatus; + private final Status status; + private final int bytesConsumed; + private final int bytesProduced; + + /** + * Creates a new SSL engine result. + * + * @param status The status of the SSL connection. + * @param handshakeStatus The status of the SSL handshake. + * @param bytesConsumed The number of bytes consumed by the previous + * operation. + * @param bytesProduced The number of bytes produced by the previous + * operation. + * @throws IllegalArgumentException If either enum value is + * <code>null</code>, or if either integer is negative. + */ + public SSLEngineResult (Status status, HandshakeStatus handshakeStatus, + int bytesConsumed, int bytesProduced) + { + if (status == null) + throw new IllegalArgumentException ("'status' may not be null"); + if (handshakeStatus == null) + throw new IllegalArgumentException ("'handshakeStatus' may not be null"); + if (bytesConsumed < 0) + throw new IllegalArgumentException ("'bytesConumed' must be nonnegative"); + if (bytesProduced < 0) + throw new IllegalArgumentException ("'bytesProduced' must be nonnegative"); + this.status = status; + this.handshakeStatus = handshakeStatus; + this.bytesConsumed = bytesConsumed; + this.bytesProduced = bytesProduced; + } + + + + /** + * An enumeration of possible general states. + */ + public static enum Status + { + + /** + * There were not enough input bytes available to complete the + * operation. + */ + BUFFER_UNDERFLOW, + + /** + * There was not enough space for the output message. + */ + BUFFER_OVERFLOW, + + /** + * Okay. No error. + */ + OK, + + /** + * The connection is closed. + */ + CLOSED + } + + /** + * An enumeration of possible handshake status states. + */ + public static enum HandshakeStatus + { + + /** + * Not currently handshaking. 
+ */ + NOT_HANDSHAKING, + + /** + * The handshake is finished. + */ + FINISHED, + + /** + * Needs the status of one or more delegated tasks. + */ + NEED_TASK, + + /** + * Has data prepared for output, and needs a new call to + * <code>wrap</code>. + */ + NEED_WRAP, + + /** + * Is waiting for more input. + */ + NEED_UNWRAP + } + + + + /** + * Returns the number of bytes consumed by the previous operation. + * + * @return The number of bytes consumed. + */ + public int bytesConsumed () + { + return bytesConsumed; + } + + /** + * Returns the number of bytes produced by the previous operation. + * + * @return The number of bytes produced. + */ + public int bytesProduced () + { + return bytesProduced; + } + + /** + * Returns the handshake status. + * + * @return The handshake status. + */ + public HandshakeStatus getHandshakeStatus () + { + return handshakeStatus; + } + + /** + * Returns the connection status. + * + * @return The connection status. + */ + public Status getStatus () + { + return status; + } + + public String toString () + { + return (super.toString () + " [ status: " + status + "; handshakeStatus: " + + handshakeStatus + "; bytesConsumed: " + bytesConsumed + + "; bytesProduced: " + bytesProduced + " ]"); + } +} diff --git a/libjava/classpath/javax/net/ssl/SSLException.java b/libjava/classpath/javax/net/ssl/SSLException.java new file mode 100644 index 000000000..c72671730 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLException.java 
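Review bot: The constructor's message for a negative `bytesConsumed` misspells the parameter as `'bytesConumed'`, so the text in a stack trace or log does not match the name in the signature; it should read `"'bytesConsumed' must be nonnegative"`. `toString ()` is the only public member in the file without a doc comment; a one-line `/** Returns a string showing both statuses and both byte counts. */` would match the rest of the class.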
@@ -0,0 +1,91 @@
+/* SSLException.java -- generic SSL exception.
+ Copyright (C) 2004, 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ *
+ * @since 1.4
+ */
+public class SSLException extends IOException
+{
+ private static final long serialVersionUID = 4511006460650708967L;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new instance with a descriptive error message.
+ *
+ * @param message the descriptive error message
+ */
+ public SSLException(String message)
+ {
+ super(message);
+ }
+
+ /**
+ * Create a new instance with a descriptive error message and
+ * a cause.
+ * @param message the descriptive error message
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SSLException(String message, Throwable cause)
+ {
+ super(message);
+ initCause(cause);
+ }
+
+ /**
+ * Create a new instance with a cause.
+ * @param cause the cause
+ * @since 1.5
+ */
+ public SSLException(Throwable cause)
+ {
+ super(cause == null ? null : cause.toString());
+ initCause(cause);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLHandshakeException.java b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
new file mode 100644
index 000000000..2572d3b53
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
@@ -0,0 +1,51 @@
+/* SSLHandshakeException.java -- exception in SSL handshake.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+ public SSLHandshakeException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLKeyException.java b/libjava/classpath/javax/net/ssl/SSLKeyException.java
new file mode 100644
index 000000000..bab47275d
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLKeyException.java
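Review bot: SSLHandshakeException declares no `serialVersionUID`, although it is Serializable through IOException and its superclass SSLException pins one; the same gap is in SSLKeyException and SSLPeerUnverifiedException in the next two hunks. Without an explicit value the UID is derived by the compiler, so an instance serialized on one runtime or build may fail to deserialize on another. Each class should add `private static final long serialVersionUID = <VALUE_FROM_REFERENCE_SERIALIZED_FORM>L;`. The single constructor in each of the three classes also lacks a doc comment; `/** @param message the descriptive error message */`, in the style SSLException already uses, would do.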
@@ -0,0 +1,52 @@
+/* SSLKeyException.java -- exception in using a key in SSL.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+ public SSLKeyException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
new file mode 100644
index 000000000..c53fcdf5a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
@@ -0,0 +1,51 @@
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+ public SSLPeerUnverifiedException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPermission.java b/libjava/classpath/javax/net/ssl/SSLPermission.java
new file mode 100644
index 000000000..4b1e29539
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPermission.java
@@ -0,0 +1,66 @@
+/* SSLPermission.java -- SSL permission class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public final class SSLPermission extends BasicPermission
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -3456898025505876775L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public SSLPermission(String name)
+ {
+ super(name);
+ }
+
+ public SSLPermission(String name, String actions)
+ {
+ super(name, actions);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLProtocolException.java b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
new file mode 100644
index 000000000..5f9f327a3
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
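Review bot: Neither constructor of SSLPermission carries Javadoc, so someone writing a security policy cannot tell from this class which target names are meaningful or that the `actions` argument has no effect. BasicPermission ignores the actions string, and the only target name visible in this import is "getSessionContext", referenced from the Javadoc of SSLSession.getSessionContext(). I would document both constructors with `@param name the permission target name, for example "getSessionContext"` and, on the two-argument form, `@param actions unused by this permission type; should be null`.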
@@ -0,0 +1,53 @@
+/* SSLProtocolException.java -- exception in SSL protocol.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+ public SSLProtocolException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocket.java b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
new file mode 100644
index 000000000..5748c0794
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
@@ -0,0 +1,188 @@ +/* SSLServerSocket.java -- a server socket for SSL connections. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.io.IOException; + +import java.net.InetAddress; +import java.net.ServerSocket; + +/** + * A server socket that allows clients to connect via the SSL protocol. + */ +public abstract class SSLServerSocket extends ServerSocket +{ + + // Constructors. + // ------------------------------------------------------------------------- + + protected SSLServerSocket() throws IOException + { + super(); + //super(0); + //throw new UnsupportedOperationException("1.4 socket methods not enabled"); + } + + protected SSLServerSocket(int port) throws IOException + { + super(port); + } + + protected SSLServerSocket(int port, int backlog) throws IOException + { + super(port, backlog); + } + + protected SSLServerSocket(int port, int backlog, InetAddress bindAddress) + throws IOException + { + super(port, backlog, bindAddress); + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + * Returns the list of cihper suites that are currently enabled in this + * server socket. Sockets accepted by this server socket will only have + * these suites enabled. + * + * @return The enabled cipher suites. + */ + public abstract String[] getEnabledCipherSuites(); + + /** + * Sets the list enabled cipher suites. + * + * @param suites The cipher suites to enable. + */ + public abstract void setEnabledCipherSuites(String[] suites); + + /** + * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1". + * + * @return The enabled protocols. + */ + public abstract String[] getEnabledProtocols(); + + /** + * Sets the list of enabled protocols. + * + * @param protocols The list of protocols to enable. + */ + public abstract void setEnabledProtocols(String[] protocols); + + /** + * Returns whether or not sessions will be created, i.e., whether or not + * this server socket will allow SSL session resumption. + * + * @return True if sessions will be created. 
+ */ + public abstract boolean getEnableSessionCreation(); + + /** + * Sets whether or not sessions will be created. + * + * @param enabled The new enabled value. + */ + public abstract void setEnableSessionCreation(boolean enabled); + + /** + * Returns whether or not this server socket will require clients to + * authenticate themselves, such as through a certificate. + * + * @return True if clients must authenticate themselves. + */ + public abstract boolean getNeedClientAuth(); + + /** + * Enabled or disables the requirement that clients authenticate themselves. + * When this is set to <code>true</code>, connections will be rejected if + * connecting clients do not provide proper authentication. + * + * @param needAuth The new need auth value. + */ + public abstract void setNeedClientAuth(boolean needAuth); + + /** + * Returns whether or not sockets accepted by this server socket will do + * their handshake as the client-side. The default is false. + * + * @return True if client mode will be used. + */ + public abstract boolean getUseClientMode(); + + /** + * Sets whether or not sockets accepted by this server socket will be + * created in client mode. + * + * @param clientMode The new client mode value. + */ + public abstract void setUseClientMode(boolean clientMode); + + /** + * Returns whether or not this socket will ask for, but not require, that + * connecting clients authenticate themselves. Clients that do not + * provide authentication they will still be allowed to connect. + * + * @return True if this server socket wants client authentication. + */ + public abstract boolean getWantClientAuth(); + + /** + * Sets whether or not this server socket will want client authentication. + * + * @param wantAuth The new want auth value. + */ + public abstract void setWantClientAuth(boolean wantAuth); + + /** + * Returns a list of cipher suites that this server socket supports. + * + * @return The list of supported suites. 
+ */ + public abstract String[] getSupportedCipherSuites(); + + /** + * Returns a list of SSL protocols supported by this server socket. + * + * @return The list of supported protocols. + */ + public abstract String[] getSupportedProtocols(); +} diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java new file mode 100644 index 000000000..8bfe8c145 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java 
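Review bot: The Javadoc for `setNeedClientAuth` and `setWantClientAuth` does not say how the two settings interact, which matters to anyone configuring mutual authentication on this server socket. In the JSSE API each call overrides whatever was previously set through either method, so calling `setWantClientAuth(true)` after `setNeedClientAuth(true)` turns a mandatory client certificate into an optional one without any error. I would add to both setters a sentence such as `Calling this method overrides any previous setting made by this method or by the other client-authentication setter.`, and note on `getNeedClientAuth`/`getWantClientAuth` that at most one of them returns true.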
@@ -0,0 +1,221 @@ +/* SSLServerSocketFactory.java -- factory for SSL server sockets. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.security.KeyStore; +import java.security.Security; + +import javax.net.ServerSocketFactory; + +/** + * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>) + * server sockets. + */ +public abstract class SSLServerSocketFactory extends ServerSocketFactory +{ + // Field. + // ------------------------------------------------------------------------- + + private static SSLContext context; + + // Constructor. + // ------------------------------------------------------------------------- + + protected SSLServerSocketFactory() + { + super(); + } + + // Class methods. + // ------------------------------------------------------------------------- + + /** + * Returns a default implementation of a SSL server socket factory. + * + * <p>To control the class that gets returned by this method, set the + * security property "ssl.ServerSocketFactory.provider" to the class + * name of a concrete implementation of this class. If not set, a + * system-dependent implementation will be used.</p> + * + * <p>The implementation returned is created by the first implementation + * of the {@link SSLContext} class found, which is initialized with + * default parameters. To control the key and trust manager factory + * algorithms used as defaults, set the security properties + * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm" + * to the appropriate names.</p> + * + * <p>Using this method is not recommended. Instead, use the methods of + * {@link SSLContext}, which provide much better control over the + * creation of server socket factories.</p> + * + * @return The default server socket factory. + * @throws RuntimeException If no default can be created. 
+ */ + public static synchronized ServerSocketFactory getDefault() + { + try + { + String s = Security.getProperty("ssl.ServerSocketFactory.provider"); + ClassLoader cl = ClassLoader.getSystemClassLoader(); + if (s != null && cl != null) + { + return (ServerSocketFactory) cl.loadClass(s).newInstance(); + } + } + catch (Exception e) + { + } + if (context == null) + { + KeyManager[] km = null; + TrustManager[] tm = null; + + // 1. Determine which algorithms to use for the key and trust + // manager factories. + String kmAlg = KeyManagerFactory.getDefaultAlgorithm(); + String tmAlg = TrustManagerFactory.getDefaultAlgorithm(); + // 2. Try to initialize the factories with default parameters. + try + { + KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg); + kmf.init(null, null); + km = kmf.getKeyManagers(); + } + catch (Exception ex) + { + } + try + { + TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg); + tmf.init((KeyStore) null); + tm = tmf.getTrustManagers(); + } + catch (Exception ex) + { + } + + // 3. Create and initialize a context. 
+ try + { + context = SSLContext.getInstance("SSLv3"); + context.init(km, tm, null); + } + catch (Exception ex) + { + return new ErrorServerSocketFactory(new RuntimeException( + "error instantiating default server socket factory: " + + ex.toString(), ex)); + } + } + try + { + return context.getServerSocketFactory(); + } + catch (Exception e) + { + } + return new ErrorServerSocketFactory(new RuntimeException( + "no SSLSocketFactory implementation available")); + } + + private static final class ErrorServerSocketFactory + extends SSLServerSocketFactory + { + private RuntimeException x; + + ErrorServerSocketFactory(RuntimeException x) + { + this.x = x; + } + + public ServerSocket createServerSocket() throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public ServerSocket createServerSocket(int port) throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public ServerSocket createServerSocket(int port, int backlog) + throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public ServerSocket createServerSocket(int port, int backlog, + InetAddress ifAddress) + throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public String[] getDefaultCipherSuites() + { + throw new RuntimeException(x); + } + + public String[] getSupportedCipherSuites() + { + throw new RuntimeException(x); + } + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + * Returns the list of cipher suites that will be enabled in server sockets + * created by this factory. + * + * @return The default cipher suites. + */ + public abstract String[] getDefaultCipherSuites(); + + /** + * Returns the list of all cipher suites supported by this factory. + * + * @return The list of supported cipher suites. + */ + public abstract String[] getSupportedCipherSuites(); +} 
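Review bot: In `getDefault()` the empty `catch (Exception e)` after the "ssl.ServerSocketFactory.provider" lookup means a configured factory class that cannot be loaded or instantiated is silently replaced by the built-in default, so a deployment that pinned a specific provider gets no sign that it is not in use. That path should fail the way the context-creation failure a few lines later already does: `return new ErrorServerSocketFactory(new RuntimeException("cannot load configured ssl.ServerSocketFactory.provider", e));`. The same method also hard-codes `SSLContext.getInstance("SSLv3")`; unless the bundled provider treats that name as a generic alias, the default factory is tied to an obsolete protocol version, and `"TLS"` is the standard name to request instead. The empty catches around `kmf.init` and `tmf.init` likewise leave `km` and `tm` null with no diagnostic, and the final fallback message names "SSLSocketFactory" although this is the server socket factory.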
diff --git a/libjava/classpath/javax/net/ssl/SSLSession.java b/libjava/classpath/javax/net/ssl/SSLSession.java new file mode 100644 index 000000000..c8a4785f9 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLSession.java 
@@ -0,0 +1,235 @@ +/* SSLSession.java -- an SSL session. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.security.Principal; +import java.security.cert.Certificate; + +import javax.security.cert.X509Certificate; + +/** + * An SSL session is a mechanism through which connections can be established + * by re-using previously negotiated handshakes. + */ +public interface SSLSession +{ + + /** + * Returns the size of the largest application data buffer that can + * occur in this session. + * + * <p>Buffers passed to handle the incoming data for the + * <code>unwrap</code> method of SSLEngine must be at least this + * large. + * + * @return The size of application buffers. + * @since 1.5 + */ + int getApplicationBufferSize (); + + /** + * Returns this session's cihper suite. + * + * @return The cipher suite. + */ + String getCipherSuite(); + + /** + * Returns the time in milliseconds since midnight GMT, 1 January 1970, that + * this session was created. + * + * @return The creation time. + */ + long getCreationTime(); + + /** + * Returns this session's unique identifier, a arbitrary byte array of up + * to 32 bytes. + * + * @return The session identifier. + */ + byte[] getId(); + + /** + * Returns the last time this session was accessed. + * + * @return The lest time this session was accessed. + */ + long getLastAccessedTime(); + + /** + * Returns the chain of certificates that the local side used in the + * handshake, or null if none were used. + * + * @return The local certificate chain. + */ + Certificate[] getLocalCertificates(); + + /** + * Returns the {@link Principal} representing the local identity + * used in this session, or <code>null</code> if there is no local + * identity. + * + * @return The local principal. + */ + Principal getLocalPrincipal (); + + /** + * Returns the size of the largest SSL message that will be + * generated by this session. 
+ * + * <p>Callers of <code>wrap</code> and <code>unwrap</code> should + * use this value to determine the size of buffers for data coming + * into, or going out over, the network. + * + * @returns The maximum network packet size. + * @since 1.5 + */ + int getPacketBufferSize (); + + /** + * Returns the chain of certificates that the remote side used in + * the handshake, or null if none were used. + * + * @return The peer's certificate chain. + * @throws SSLPeerUnverifiedException If the identity of the peer has + * not been verified. + */ + Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException; + + /** + * Returns the chain of certificates that the remote side used in + * the handshake, or null if none were used. + * + * @return The peer's certificate chain. + * @throws SSLPeerUnverifiedException If the identity of the peer has + * not been verified. + */ + X509Certificate[] getPeerCertificateChain() + throws SSLPeerUnverifiedException; + + /** + * Returns the remote host's name. + * + * @return The name of the remote host. + */ + String getPeerHost(); + + /** + * Returns the port number the remote peer is using for this + * session. + * + * @return The peer's port number. + * @since 1.5 + */ + int getPeerPort (); + + /** + * Returns the {@link Principal} representing the identity of the + * remote peer, or <code>null</code> if the remote peer has no known + * identity. + * + * @return The remote peer's principal. + * @throws SSLPeerUnverifiedException If the remote peer's identity + * could not be verified. + * @since 1.5 + */ + Principal getPeerPrincipal () throws SSLPeerUnverifiedException; + + /** + * Returns the protocol this session uses. + * + * @return The protocol. + */ + String getProtocol(); + + /** + * Returns this session's session context object. + * + * @return The session context. + * @throws SecurityException If the caller does not have the + * {@link SSLPermission} "getSessionContext". 
+ */ + SSLSessionContext getSessionContext(); + + /** + * Returns the names of all values bound to this session. + * + * @return The list of bound names. + */ + String[] getValueNames(); + + /** + * Returns the object bound to the given name. + * + * @param name The name of the value to get. + * @return The object bound by that name, or null. + */ + Object getValue(String name); + + /** + * Invalidates this session, ensuring that it will not be continued by + * another socket. + */ + void invalidate(); + + /** + * Tells if this session is currently valid, and may be resumed. + * + * @return True if this session is valid. + * @since 1.5 + * @see #invalidate() + */ + boolean isValid (); + + /** + * Binds a value to this session, with the given name. + * + * @param name The name to bind the object with. + * @param value The value to bind. + */ + void putValue(String name, Object value); + + /** + * Un-binds a value. + * + * @param name The name of the value to un-bind. + */ + void removeValue(String name); +} diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java new file mode 100644 index 000000000..af26efaa8 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java 
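Review bot: The Javadoc for `getPeerHost()` says only that it returns the remote host's name and does not tell callers that the value is unauthenticated. In JSSE this name is a hint taken from the connection rather than something proven by the handshake, so code that compares it with an expected name instead of checking the chain from `getPeerCertificates()` performs no real identity check. I would add to the comment: `The returned name is not authenticated and must not be relied on for security decisions; verify the peer through its certificate chain instead.` Separately, `getPacketBufferSize()` uses `@returns`, which is not a recognised Javadoc tag and should read `@return`.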
@@ -0,0 +1,94 @@ +/* SSLSessionBindingEvent.java -- SSL binding event. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.net.ssl; + +import java.util.EventObject; + +/** + * An event raised by {@link SSLSession} objects when objects are bound to + * them. 
+ */ +public class SSLSessionBindingEvent extends EventObject +{ + + // Fields. + // ------------------------------------------------------------------- + + private static final long serialVersionUID = 3989172637106345L; + + private final String name; + + // Constructor. + // ------------------------------------------------------------------- + + /** + * Creates a new binding event. + * + * @param session The session being bound to. + * @param name The name the object was bound under. + */ + public SSLSessionBindingEvent(SSLSession session, String name) + { + super(session); + this.name = name; + } + + // Instance methods. + // -------------------------------------------------------------------- + + /** + * Returns the name the object was bound under. + * + * @return The name. + */ + public String getName() + { + return name; + } + + /** + * Returns the session that the object was bound to. + * + * @return The session. + */ + public SSLSession getSession() + { + return (SSLSession) getSource(); + } +} diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java new file mode 100644 index 000000000..1941ce553 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java 
@@ -0,0 +1,65 @@ +/* SSLSessionBindingListener.java -- listener for SSL bindings. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.util.EventListener; + +/** + * An event listener interface that should be notified when it is bound or + * unbound to a {@link SSLSession}. + */ +public interface SSLSessionBindingListener extends EventListener +{ + + /** + * This method is called of all objects when they are bound to an SSL + * session. + * + * @param event The binding event. + */ + void valueBound(SSLSessionBindingEvent event); + + /** + * This method is called of all objects when they are unbound to an SSL + * session. + * + * @param event The binding event. + */ + void valueUnbound(SSLSessionBindingEvent event); +} diff --git a/libjava/classpath/javax/net/ssl/SSLSessionContext.java b/libjava/classpath/javax/net/ssl/SSLSessionContext.java new file mode 100644 index 000000000..f9127e781 --- /dev/null +++ b/libjava/classpath/javax/net/ssl/SSLSessionContext.java 
@@ -0,0 +1,103 @@ +/* SSLSessionContext.java -- collection of SSL sessions. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.net.ssl; + +import java.util.Enumeration; + +/** + * A collection of saved SSL sessions, with thier corresponding session + * IDs. 
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+ /**
+ * Returns an enumeration of all saved session IDs. Every element in
+ * the returned enumeration is a byte array.
+ *
+ * @return The session IDs.
+ */
+ Enumeration getIds();
+
+ /**
+ * Gets the session specified by its ID, or <code>null</code> if there
+ * is no session, or if it has expired.
+ *
+ * @param sessionId The ID of the session to get.
+ * @return The session, or <code>null</code>.
+ */
+ SSLSession getSession(byte[] sessionId);
+
+ /**
+ * Returns the maximum number of sessions that may be cached by this
+ * session context.
+ *
+ * @return The maximum number of sessions that may be cached.
+ */
+ int getSessionCacheSize();
+
+ /**
+ * Returns the period of time (in seconds) that a session may be cached
+ * for before becoming invalid.
+ *
+ * @return The time a session may be valid.
+ */
+ int getSessionTimeout();
+
+ /**
+ * Sets the maximum number of sessions that may be cached by this
+ * session context. A cache size of 0 means no limit.
+ *
+ * @param size The new cache size.
+ * @throws IllegalArgumentException If <code>size</code> is negative.
+ */
+ void setSessionCacheSize(int size);
+
+ /**
+ * Sets the period of time (in seconds) that a session may be cached
+ * for before becoming invalid. A timeout of 0 means that sessions
+ * never expire.
+ *
+ * @param seconds The new timeout.
+ * @throws IllegalArgumentException If <code>seconds</code> is negative.
+ */
+ void setSessionTimeout(int seconds);
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSocket.java b/libjava/classpath/javax/net/ssl/SSLSocket.java
new file mode 100644
index 000000000..32a2b5f17
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,229 @@ +/* SSLSocket.java -- an SSL client socket. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; + +/** + * A socket that communicates over the secure socket layer protocol. + */ +public abstract class SSLSocket extends Socket +{ + + // Constructors. + // ------------------------------------------------------------------------- + + protected SSLSocket() + { + super(); + } + + protected SSLSocket(String host, int port) + throws IOException, UnknownHostException + { + super(host, port); + } + + protected SSLSocket(InetAddress address, int port) throws IOException + { + super(address, port); + } + + protected SSLSocket(String host, int port, + InetAddress localAddr, int localPort) + throws IOException, UnknownHostException + { + super(host, port, localAddr, localPort); + } + + protected SSLSocket(InetAddress address, int port, + InetAddress localAddr, int localPort) + throws IOException + { + super(address, port, localAddr, localPort); + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + * Adds a handshake completed listener that wants to be notified when the + * SSL handshake completes. + * + * @param listener The listener to add. + */ + public abstract void + addHandshakeCompletedListener(HandshakeCompletedListener listener); + + /** + * Removes a handshake listener from this socket. + * + * @param listener The listener to remove. + */ + public abstract void + removeHandshakeCompletedListener(HandshakeCompletedListener listener); + + /** + * Returns the list of currently enabled cipher suites. + * + * @return The list of enabled cipher suites. + */ + public abstract String[] getEnabledCipherSuites(); + + /** + * Sets the list of enabled cipher suites. + * + * @param suites The list of suites to enable. + */ + public abstract void setEnabledCipherSuites(String[] suites); + + /** + * Returns the list of enabled SSL protocols. 
+ * + * @return The list of enabled protocols. + */ + public abstract String[] getEnabledProtocols(); + + /** + * Sets the list of enabled SSL protocols. + * + * @param protocols The list of protocols to enable. + */ + public abstract void setEnabledProtocols(String[] protocols); + + /** + * Returns whether or not sessions will be created by this socket, and thus + * allow sessions to be continued later. + * + * @return Whether or not sessions will be created. + */ + public abstract boolean getEnableSessionCreation(); + + /** + * Sets whether or not sessions will be created by this socket. + * + * @param enable The new value. + */ + public abstract void setEnableSessionCreation(boolean enable); + + /** + * Returns whether or not this socket will require connecting clients to + * authenticate themselves. This value only applies to sockets in server + * mode. + * + * @return Whether or not this socket requires client authentication. + */ + public abstract boolean getNeedClientAuth(); + + /** + * Sets whether or not this socket will require connecting clients to + * authenticate themselves. This value only applies to sockets in server + * mode. + * + * @param needAuth The new need auth value. + */ + public abstract void setNeedClientAuth(boolean needAuth); + + /** + * Returns this socket's session object. + * + * @return The session. + */ + public abstract SSLSession getSession(); + + /** + * Returns the list of cipher suites supported by this socket. + * + * @return The list of supported cipher suites. + */ + public abstract String[] getSupportedCipherSuites(); + + /** + * Returns the list of protocols supported by this socket. + * + * @return The list of supported protocols. + */ + public abstract String[] getSupportedProtocols(); + + /** + * Returns whether or not this socket will connect in client mode. + * + * @return True if this is a client socket. 
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not this socket will connect in client mode.
+ *
+ * @param clientMode The new value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return The want client auth value.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Explicitly begins the handshake, or, if the handshake has already
+ * completed, requests that the handshake be repeated.
+ *
+ * <p>The handshake will begin implicitly when any attempt to read or
+ * write to the socket is made.</p>
+ *
+ * @throws IOException If an I/O or SSL error occurs.
+ */
+ public abstract void startHandshake() throws IOException;
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 000000000..2cfb49207
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
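Review bot: The Javadoc for `setNeedClientAuth` and `setWantClientAuth` does not say how the two settings interact. In the javax.net.ssl API each call overrides the other, so a server that calls `setNeedClientAuth(true)` and later `setWantClientAuth(true)` ends up with optional rather than mandatory client authentication; whether the implementations in this tree follow that is not visible here. Add a sentence such as `Calling this method overrides any previous setting made by setWantClientAuth.` to each setter. `setEnabledCipherSuites` and `setEnabledProtocols` likewise omit the `@throws IllegalArgumentException` that the API specifies for null or unsupported names.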
@@ -0,0 +1,250 @@ +/* SSLSocketFactory.java -- factory for SSL client sockets. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.security.KeyStore; +import java.security.Security; + +import javax.net.SocketFactory; + +/** + * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>) + * sockets. + */ +public abstract class SSLSocketFactory extends SocketFactory +{ + // Constants. + // ------------------------------------------------------------------------- + + private static SSLContext context; + + // Constructor. + // ------------------------------------------------------------------------- + + public SSLSocketFactory() + { + super(); + } + + // Class methods. + // ------------------------------------------------------------------------- + + /** + * Returns a default implementation of a SSL socket factory. + * + * <p>To control the class that gets returned by this method, set the + * security property "ssl.SocketFactory.provider" to the class + * name of a concrete implementation of this class. If not set, a + * system-dependent implementation will be used.</p> + * + * <p>The implementation returned is created by the first implementation + * of the {@link SSLContext} class found, which is initialized with + * default parameters. To control the key and trust manager factory + * algorithms used as defaults, set the security properties + * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm" + * to the appropriate names.</p> + * + * <p>Using this method is not recommended. Instead, use the methods of + * {@link SSLContext}, which provide much better control over the + * creation of socket factories.</p> + * + * @return The default socket factory. + * @throws RuntimeException If no default can be created. 
+ */ + public static synchronized SocketFactory getDefault() + { + try + { + String s = Security.getProperty("ssl.SocketFactory.provider"); + ClassLoader cl = ClassLoader.getSystemClassLoader(); + if (s != null && cl != null) + { + return (SocketFactory) cl.loadClass(s).newInstance(); + } + } + catch (Exception e) + { + } + if (context == null) + { + KeyManager[] km = null; + TrustManager[] tm = null; + + // 1. Determine which algorithms to use for the key and trust + // manager factories. + String kmAlg = KeyManagerFactory.getDefaultAlgorithm(); + String tmAlg = TrustManagerFactory.getDefaultAlgorithm(); + + // 2. Try to initialize the factories with default parameters. + try + { + KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg); + kmf.init(null, null); + km = kmf.getKeyManagers(); + } + catch (Exception ex) + { + } + try + { + TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg); + tmf.init((KeyStore) null); + tm = tmf.getTrustManagers(); + } + catch (Exception ex) + { + } + + // 3. Create and initialize a context. 
+ try + { + context = SSLContext.getInstance("SSLv3"); + context.init(km, tm, null); + } + catch (Exception ex) + { + return new ErrorSocketFactory(new RuntimeException( + "error instantiating default socket factory: " + ex.toString(), + ex)); + } + } + try + { + return context.getSocketFactory(); + } + catch (Exception e) + { + } + return new ErrorSocketFactory(new RuntimeException( + "no SSLSocketFactory implementation available")); + } + + private static final class ErrorSocketFactory extends SSLSocketFactory + { + private RuntimeException x; + + ErrorSocketFactory(RuntimeException x) + { + this.x = x; + } + + public Socket createSocket() throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public Socket createSocket(String host, int port) + throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public Socket createSocket(String host, int port, InetAddress localHost, + int localPort) + throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public Socket createSocket(InetAddress host, int port) throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public Socket createSocket(InetAddress hast, int port, InetAddress localHost, + int localPort) + throws IOException + { + throw (IOException) new IOException().initCause(x); + } + + public String[] getDefaultCipherSuites() + { + throw new RuntimeException(x); + } + + public String[] getSupportedCipherSuites() + { + throw new RuntimeException(x); + } + + public Socket createSocket(Socket s, String host, int port, + boolean autoClose) + throws IOException + { + throw new RuntimeException(x); + } + } + + // Abstract methods. + // ------------------------------------------------------------------------- + + /** + * Creates a SSL socket wrapped around an existing socket. + * + * @param socket The socket to wrap. + * @param host The host the socket is connected to. 
+ * @param port The port the socket is connected to.
+ * @param autoClose Whether or not the wrapped socket should be closed
+ * automatically.
+ * @return The new SSL socket.
+ * @throws IOException If the socket could not be created.
+ */
+ public abstract Socket createSocket(Socket socket, String host,
+ int port, boolean autoClose)
+ throws IOException;
+
+ /**
+ * Returns the list of cipher suites that will be enabled in sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
diff --git a/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
new file mode 100644
index 000000000..abf1a7f22
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
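Review bot: `getDefault()` pins the fallback context to `SSLContext.getInstance("SSLv3")`, so every caller that relies on the default factory is tied to a protocol version that RFC 7568 prohibits; request the generic name instead, `context = SSLContext.getInstance("TLS");`, assuming the installed provider registers it. The empty `catch (Exception ...)` blocks ahead of it compound this: a failed `TrustManagerFactory` init leaves `tm` null and the context is still initialised with it, and a bad `ssl.SocketFactory.provider` class name silently falls through to the built-in default. Each of those catches should at least carry a comment stating why the failure is ignored, e.g. `// ignored: fall back to the default SSLContext below`. In `ErrorSocketFactory`, `createSocket(Socket, String, int, boolean)` throws `RuntimeException` while its sibling overloads throw `IOException` with the cause attached, which callers catching `IOException` will not expect.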
@@ -0,0 +1,51 @@ +/* TrivialHostnameVerifier.java -- non-verifing verifier. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.net.ssl; + +/** + * A hostname verifier that always rejects mismatched hostnames. 
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return false;
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManager.java b/libjava/classpath/javax/net/ssl/TrustManager.java
new file mode 100644
index 000000000..3bded8b56
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManager.java
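Review bot: The documentation of `TrivialHostnameVerifier` does not state what `verify` actually does: the file header calls it a "non-verifing verifier" and the class Javadoc reads as if hostnames were compared, but the method returns `false` for every input without looking at `hostname` or `session`. That is the fail-closed behaviour, and the Javadoc should say so, for example `A hostname verifier that rejects every hostname; callers must install their own HostnameVerifier to accept a mismatch.` The method itself has no Javadoc; a one-line `@return always false` would keep a later reader from mistaking this class for an accept-all stub.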
@@ -0,0 +1,47 @@ +/* TrustManager.java -- marker interface for trust managers. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.net.ssl; + +/** + * A marker interface for classes that establish the trust of remote + * hosts. + */ +public interface TrustManager +{ +} 
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactory.java b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
new file mode 100644
index 000000000..e08501a7b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
@@ -0,0 +1,287 @@ +/* TrustManagerFactory.java -- factory for trust managers. + Copyright (C) 2004 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. 
*/ + + +package javax.net.ssl; + +import gnu.java.security.Engine; + +import java.lang.reflect.InvocationTargetException; +import java.security.AccessController; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivilegedAction; +import java.security.Provider; +import java.security.Security; + +/** + * A factory for creating trust manager objects. + */ +public class TrustManagerFactory +{ + + // Constants and fields. + // ------------------------------------------------------------------------- + + /** The service name for trust manager factories. */ + private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory"; + + /** The system default trust manager algorithm. */ + private static final String DEFAULT_ALGORITHM = "JessieX509"; + + /** The underlying engine class. */ + private final TrustManagerFactorySpi tmfSpi; + + /** The provider of the engine class. */ + private final Provider provider; + + /** The name of this trust manager algorithm. */ + private final String algorithm; + + // Constructor. + // ------------------------------------------------------------------------- + + /** + * Creates a new trust manager factory. + * + * @param tmfSpi The underlying engine class. + * @param provider The provider of the engine class. + * @param algorithm The trust manager algorithm name. + */ + protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi, + Provider provider, String algorithm) + { + this.tmfSpi = tmfSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns an instance of a trust manager factory for the given algorithm from + * the first provider that implements it. + * + * @param algorithm The name of the algorithm to get. + * @return The instance of the trust manager factory. 
+ * @throws NoSuchAlgorithmException If no provider implements the given + * algorithm. + * @throws IllegalArgumentException if <code>algorithm</code> is + * <code>null</code> or is an empty string. + */ + public static final TrustManagerFactory getInstance(String algorithm) + throws NoSuchAlgorithmException + { + Provider[] p = Security.getProviders(); + NoSuchAlgorithmException lastException = null; + for (int i = 0; i < p.length; i++) + try + { + return getInstance(algorithm, p[i]); + } + catch (NoSuchAlgorithmException x) + { + lastException = x; + } + if (lastException != null) + throw lastException; + throw new NoSuchAlgorithmException(algorithm); + } + + /** + * Returns an instance of a trust manager factory for the given algorithm from + * the named provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The name of the provider to get the instance from. + * @return The instance of the trust manager factory. + * @throws NoSuchAlgorithmException If the provider does not implement the + * given algorithm. + * @throws NoSuchProviderException If there is no such named provider. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static final TrustManagerFactory getInstance(String algorithm, + String provider) + throws NoSuchAlgorithmException, NoSuchProviderException + { + if (provider == null) + throw new IllegalArgumentException("provider MUST NOT be null"); + Provider p = Security.getProvider(provider); + if (p == null) + throw new NoSuchProviderException(provider); + return getInstance(algorithm, p); + } + + /** + * Returns an instance of a trust manager factory for the given algorithm from + * the specified provider. + * + * @param algorithm The name of the algorithm to get. + * @param provider The provider to get the instance from. + * @return The instance of the trust manager factory. 
+ * @throws NoSuchAlgorithmException If the provider does not implement the + * given algorithm. + * @throws IllegalArgumentException if either <code>algorithm</code> or + * <code>provider</code> is <code>null</code>, or if + * <code>algorithm</code> is an empty string. + */ + public static final TrustManagerFactory getInstance(String algorithm, + Provider provider) + throws NoSuchAlgorithmException + { + StringBuilder sb = new StringBuilder("TrustManagerFactory algorithm [") + .append(algorithm).append("] from provider[") + .append(provider).append("] could not be created"); + Throwable cause; + try + { + Object spi = Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider); + return new TrustManagerFactory((TrustManagerFactorySpi) spi, + provider, + algorithm); + } + catch (InvocationTargetException x) + { + cause = x.getCause(); + if (cause instanceof NoSuchAlgorithmException) + throw (NoSuchAlgorithmException) cause; + if (cause == null) + cause = x; + } + catch (ClassCastException x) + { + cause = x; + } + NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); + x.initCause(cause); + throw x; + } + + /** + * Returns the default algorithm for trust manager factories. The value + * returned is either the value of the security property + * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509" + * if not. + * + * @return The default algorithm name. + * @see Security.getProperty(java.lang.String) + */ + public static final String getDefaultAlgorithm() + { + String alg = null; + try + { + alg = (String) AccessController.doPrivileged( + new PrivilegedAction() + { + public Object run() + { + return Security.getProperty("ssl.TrustManagerFactory.algorithm"); + } + } + ); + } + catch (SecurityException se) + { + } + if (alg == null) + alg = DEFAULT_ALGORITHM; + return alg; + } + + // Instance methods. 
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the name of this trust manager algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ public final TrustManager[] getTrustManagers()
+ {
+ return tmfSpi.engineGetTrustManagers();
+ }
+
+ /**
+ * Initialize this instance with some algorithm-specific parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ tmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store. The key store may be null,
+ * in which case a default will be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If there is a problem reading from the
+ * key store.
+ */
+ public final void init(KeyStore store) throws KeyStoreException
+ {
+ tmfSpi.engineInit(store);
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
new file mode 100644
index 000000000..3706674d4
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
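Review bot: `getDefaultAlgorithm()` swallows `SecurityException` in an empty catch and then returns `JessieX509`, so a denied read of `ssl.TrustManagerFactory.algorithm` is indistinguishable from an unset property and a configured trust algorithm can be dropped without any trace. Add a comment in the catch saying the fallback is intended, e.g. `// property unreadable: fall back to DEFAULT_ALGORITHM`. The `@see Security.getProperty(java.lang.String)` tag in the same Javadoc is not a valid reference and should read `@see Security#getProperty(java.lang.String)`. The three `getInstance` overloads document `IllegalArgumentException` for a null or empty `algorithm`, but none of them checks `algorithm` in this file, so that contract presumably rests on `Engine.getInstance`; worth confirming.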
@@ -0,0 +1,88 @@
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public TrustManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Engine method that returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ protected abstract TrustManager[] engineGetTrustManagers();
+
+ /**
+ * Engine method that initializes this factory with some algorithm-specific
+ * parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the given parameters are
+ * inappropriate.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method that initializes this factory with a key store. The key
+ * store parameter may be null, in which case some default should be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If a problem occurs reading from the key store.
+ */
+ protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
diff --git a/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java b/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java
new file mode 100644
index 000000000..0e7c4d484
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509ExtendedKeyManager.java
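Review bot: In TrustManagerFactorySpi.java the Javadoc on `engineInit(KeyStore store)` allows a `null` store and says only that "some default should be used", so which certificates end up as trust anchors is left to each provider without the caller being told. I would add a sentence to that comment such as `Implementations must document which trust store they fall back to when <code>store</code> is null.` The comment on `engineGetTrustManagers()` could also say what is returned when neither `engineInit` overload has been called, which the visible text leaves open.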
@@ -0,0 +1,96 @@
+/* X509ExtendedKeyManager.java --
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+
+/**
+ * An extended {@link X509KeyManager} for use with {@link SSLEngine}.
+ *
+ * @since 1.5
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public abstract class X509ExtendedKeyManager implements X509KeyManager
+{
+
+ /**
+ * Default constructor.
+ */
+ protected X509ExtendedKeyManager ()
+ {
+ }
+
+ /**
+ * Return a client alias given a list of key types, a list of
+ * allowable issuers, and the SSLEngine being used.
+ *
+ * <p>This implementation always returns <code>null</code>.
+ *
+ * @param keyTypes The list of desired key types.
+ * @param issuers The list of desired key issuers.
+ * @param engine This client's SSLEngine.
+ * @return A key alias that matches the given parameters, or
+ * <code>null</code> if the parameters were not matched.
+ */
+ public String chooseEngineClientAlias (final String[] keyTypes,
+ final Principal[] issuers,
+ final SSLEngine engine)
+ {
+ return null;
+ }
+
+ /**
+ * Return a server alias given a key type, a list of allowable
+ * issuers, and the SSLEngine being used.
+ *
+ * <p>This implementation always returns <code>null</code>.
+ *
+ * @param keyType The desired key type.
+ * @param issuers The list of desired key issuers.
+ * @param engine The server's SSLEngine.
+ * @return A key alias that matches the given parameters, or
+ * <code>null</code> if the parameters were not matched.
+ */
+ public String chooseEngineServerAlias (final String keyType,
+ final Principal[] issuers,
+ final SSLEngine engine)
+ {
+ return null;
+ }
+}
diff --git a/libjava/classpath/javax/net/ssl/X509KeyManager.java b/libjava/classpath/javax/net/ssl/X509KeyManager.java
new file mode 100644
index 000000000..6fb6b40bc
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509KeyManager.java
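Review bot: `chooseEngineClientAlias` and `chooseEngineServerAlias` in X509ExtendedKeyManager.java both `return null;`, and their own `@return` text defines `null` as "parameters were not matched", so a subclass that implements only the socket-based `X509KeyManager` methods reports no usable key for every SSLEngine request. The Javadoc states the default but not the consequence; I would add `<p>Subclasses that are used with an {@link SSLEngine} must override this method.` to both comments. How the engine side reacts to the `null` is not visible in this file, so the effect on a handshake is an inference.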
@@ -0,0 +1,108 @@
+/* X509KeyManager.java -- X.509 key manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
*/
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+ /**
+ * Choose an alias for client-side authentication.
+ *
+ * @param keyTypes A list of acceptable key types.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Choose an alias for server-side authentication.
+ *
+ * @param keyType The desired certificate type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Gets the X.509 certificate chain associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The certificate chain.
+ */
+ X509Certificate[] getCertificateChain(String alias);
+
+ /**
+ * Returns all client aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getClientAliases(String keyType, Principal[] issuers);
+
+ /**
+ * Gets the private key associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The private key.
+ */
+ PrivateKey getPrivateKey(String alias);
+
+ /**
+ * Returns all server aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getServerAliases(String keyType, Principal[] issuers);
+}
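Review bot: The `@return` tags on `chooseClientAlias`, `chooseServerAlias`, `getCertificateChain` and `getPrivateKey` do not say what an implementation returns when no alias or key matches, while `getClientAliases` and `getServerAliases` do document their empty case. X509ExtendedKeyManager in this same commit documents `null` for the unmatched case, so the interface should say the same, e.g. `@return The chosen alias, or <code>null</code> if no key matches.` and `@return The private key, or <code>null</code> if the alias is unknown.` Without that, callers have no documented reason to null-check before using the key or chain.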
diff --git a/libjava/classpath/javax/net/ssl/X509TrustManager.java b/libjava/classpath/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 000000000..97daaf046
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,76 @@
+/* X509TrustManager.java -- X.509 trust manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+ /**
+ * Checks if a certificate chain sent by the client is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the client's certificates are not trusted.
+ */
+ void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Checks if a certificate chain sent by the server is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the server's certificates are not trusted.
+ */
+ void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Returns the list of trusted issuer certificates currently in use.
+ *
+ * @return The list of trusted issuer certificates.
+ */
+ X509Certificate[] getAcceptedIssuers();
+}
diff --git a/libjava/classpath/javax/net/ssl/package.html b/libjava/classpath/javax/net/ssl/package.html
new file mode 100644
index 000000000..abc6f0591
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/package.html
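Review bot: `checkClientTrusted` and `checkServerTrusted` in X509TrustManager.java signal distrust only by throwing, and the Javadoc never says that returning normally means the chain is accepted, nor what to do with a null or empty `chain` or `authType`. An implementation that returns early on such input would accept the peer, so I would state the contract on both methods: `@throws IllegalArgumentException If <code>chain</code> or <code>authType</code> is null or empty.` plus a sentence that the method must throw unless the whole chain validates to a trusted issuer. `getAcceptedIssuers()` could likewise say whether an empty array or `null` is returned when there are no issuers.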
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.net.ssl package.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.net.ssl</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html> |