summaryrefslogtreecommitdiff
path: root/libjava/classpath/javax/net/ssl/SSLEngine.java
diff options
context:
space:
mode:
Diffstat (limited to 'libjava/classpath/javax/net/ssl/SSLEngine.java')
-rw-r--r--libjava/classpath/javax/net/ssl/SSLEngine.java442
1 files changed, 442 insertions, 0 deletions
diff --git a/libjava/classpath/javax/net/ssl/SSLEngine.java b/libjava/classpath/javax/net/ssl/SSLEngine.java
new file mode 100644
index 000000000..2ba7bb636
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLEngine.java
@@ -0,0 +1,442 @@
+/* SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.nio.ByteBuffer;
+
+/**
+ * A class for low-level message wrapping and unwrapping of SSL
+ * messages.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.5
+ */
+public abstract class SSLEngine
+{
+ private final String peerHost;
+ private final int peerPort;
+
+ /**
+ * Creates a new SSLEngine with no peer host name or port number.
+ */
+ protected SSLEngine ()
+ {
+ this (null, -1);
+ }
+
+ /**
+ * Creates a new SSLEngine with the specified peer host name and
+ * port number.
+ *
+ * @param peerHost The peer's host name.
+ * @param peerPort The peer's port number.
+ */
+ protected SSLEngine (String peerHost, int peerPort)
+ {
+ this.peerHost = peerHost;
+ this.peerPort = peerPort;
+ }
+
+
+
+ /**
+ * Begin, or restart, the SSL handshake.
+ *
+ * @throws SSLException
+ */
+ public abstract void beginHandshake () throws SSLException;
+
+ /**
+ * Close the inbound state.
+ *
+ * @throws SSLException
+ */
+ public abstract void closeInbound () throws SSLException;
+
+ /**
+ * Close the outbound state.
+ */
+ public abstract void closeOutbound ();
+
+ /**
+ *
+ */
+ public abstract Runnable getDelegatedTask ();
+
+ /**
+ * Returns the peer host name this SSL session is connected to, or
+ * <code>null</code> if this value was not set.
+ *
+ * @return The peer host's name.
+ */
+ public String getPeerHost ()
+ {
+ return peerHost;
+ }
+
+ /**
+ * Returns the peer IP port number this SSL session in communicating
+ * on, or -1 if this value was not set.
+ *
+ * @return The peer's port number.
+ */
+ public int getPeerPort ()
+ {
+ return peerPort;
+ }
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled cipher suite names.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine is
+ * configured to use.
+ *
+ * @return The list of enabled protocol names.
+ */
+ public abstract String[] getEnabledProtocols ();
+
+ /**
+ * Tells if sessions will be created by this engine, and therefore
+ * may be resumed at a later time.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Return the current handshake status.
+ *
+ * @return The current handshake status.
+ */
+ public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus ();
+
+ /**
+ * Tells if this SSLEngine is configured to require client
+ * authentication when in server mode.
+ *
+ * @return True iff client authentication is required.
+ */
+ public abstract boolean getNeedClientAuth ();
+
+ /**
+ * Return the {@link SSLSession} object this connection represents.
+ *
+ * @return The SSL session.
+ */
+ public abstract SSLSession getSession ();
+
+ /**
+ * Returns a list of SSL cipher suite names this SSLEngine
+ * implementation supports.
+ *
+ * @return The list of cipher suite names supported by this
+ * implementation.
+ */
+ public abstract String[] getSupportedCipherSuites ();
+
+ /**
+ * Returns a list of SSL protocol version names this SSLEngine
+ * implementation supports. SSL protocol names include things like
+ * "SSLv3" or "TLSv1".
+ *
+ * @return The list of SSL protocol names
+ */
+ public abstract String[] getSupportedProtocols ();
+
+ /**
+ * Tells if this SSLEngine is a "client" session.
+ *
+ * @return True iff this session is configured for client mode.
+ */
+ public abstract boolean getUseClientMode ();
+
+ /**
+ * Tells if client authentication is requested, but not required,
+ * for sessions in server mode. If true, a server session will
+ * request an authentication message from connecting clients, but
+ * will still allow clients to connect if they cannot be
+ * authenticated.
+ *
+ * @return True iff client authentication is requested.
+ */
+ public abstract boolean getWantClientAuth ();
+
+ /**
+ * Tells if the incoming data stream is finished, and thus if no
+ * more data will be available to be unwrapped.
+ *
+ * @return True if no more data is to be unwrapped.
+ */
+ public abstract boolean isInboundDone ();
+
+ /**
+ * Tells if the outgoing data stream is finished, and thus if no
+ * more data may be wrapped.
+ *
+ * @return True if no more data may be wrapped.
+ */
+ public abstract boolean isOutboundDone ();
+
+ /**
+ * Sets the list of enabled cipher suites. The argument is an array
+ * of strings of the canonical suite names.
+ *
+ * @param suites The cipher suites to enable.
+ * @throws IllegalArgumentException If any of the specified suite
+ * strings is not supported by this implementation, or if the
+ * argument is null.
+ */
+ public abstract void setEnabledCipherSuites (String[] suites);
+
+ /**
+ * Sets the list of enabled protocol versions. The argument is an
+ * array of strings of the canonical protocol version names, such as
+ * "TLSv1".
+ *
+ * @param protocols The protocol versions to enable.
+ * @throws IllegalArgumentException If any of the specified
+ * protocols are not supported, or if the argument is null.
+ */
+ public abstract void setEnabledProtocols (String[] protocols);
+
+ /**
+ * Enables or disables session creation. If enabled, each connection
+ * will create session that may be resumed by another connection.
+ *
+ * @param create Whether or not to enable session creation.
+ */
+ public abstract void setEnableSessionCreation (boolean create);
+
+ /**
+ * Enables client or server mode. If the argument is true, this
+ * engine will run in client mode; if false, server mode.
+ *
+ * @param clientMode Whether or not to use client mode.
+ */
+ public abstract void setUseClientMode (boolean clientMode);
+
+ /**
+ * Enables or disables required client authentication. If enabled,
+ * clients may only connect if they provide proper identification.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param needAuth Whether or not client authentication is required.
+ */
+ public abstract void setNeedClientAuth (boolean needAuth);
+
+ /**
+ * Enables or disables requested client authentication. If enabled,
+ * clients will be asked to provide proper identification, but will
+ * still be allowed to connect if they do not provide it.
+ *
+ * <p>This parameter is only used in server mode.
+ *
+ * @param wantAuth Whether or not client authentication will be
+ * requested, but not required.
+ */
+ public abstract void setWantClientAuth (boolean wantAuth);
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffer.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source, new
+ * ByteBuffer[] { sink }, 0, 1)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sink The buffer to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is not
+ * writable.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return unwrap (source, new ByteBuffer[] { sink }, 0, 1);
+ }
+
+ /**
+ * Unwraps a byte buffer recieved from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers.
+ *
+ * <p>This call is exactly equivalent to <code>unwrap (source,
+ * sinks, 0, sinks.length)</code>.
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer[] sinks)
+ throws SSLException
+ {
+ return unwrap (source, sinks, 0, sinks.length);
+ }
+
+ /**
+ * Unwraps a byte buffer received from the network, storing the
+ * decrypted, unwrapped bytes into the given buffers. After
+ * unwrapping, the bytes placed into the sink buffers are ready for
+ * consumption by the application.
+ *
+ * <p>This method may place no bytes in the destination buffer; for
+ * example, if this engine is still performing the SSL handshake,
+ * only handshake data will be consumed, and no application data.
+ *
+ * <p>It is stated that this method may modify the source buffer,
+ * and that it must not be passed to another SSLEngine (SSL
+ * connections are independent, so another SSLEngine will not have
+ * the parameters or state to handle messages meant for this
+ * engine).
+ *
+ * @param source The source bytes, coming from the network.
+ * @param sinks The buffers to hold the unwrapped message.
+ * @param offset The index of the first buffer in 'sinks' to use.
+ * @param length The number of buffers in 'sinks' to use.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL message parsing error occurs.
+ * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+ * is not writable.
+ * @throws IllegalArgumentException If either 'source' or 'sinks' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sinks.length'.
+ */
+ public abstract SSLEngineResult unwrap (ByteBuffer source,
+ ByteBuffer[] sinks, int offset,
+ int length)
+ throws javax.net.ssl.SSLException;
+
+ /**
+ * Wraps a byte buffer into an SSL message, for preparation to send
+ * it over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (new
+ * ByteBuffer[] { source }, 0, 1, sink)</code>.
+ *
+ * @param source The source buffer with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'source' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer source, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (new ByteBuffer[] { source }, 0, 1, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network.
+ *
+ * <p>This method is exactly equivalent to <code>wrap (sources, 0,
+ * 1, sink)</code>.
+ *
+ * @param sources The source buffers with application data.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ */
+ public SSLEngineResult wrap (ByteBuffer[] sources, ByteBuffer sink)
+ throws SSLException
+ {
+ return wrap (sources, 0, sources.length, sink);
+ }
+
+ /**
+ * Wraps byte buffers into an SSL message, for preparation to send
+ * them over the network. After wrapping, the data in the sink
+ * buffer is ready to be sent over the transport layer.
+ *
+ * <p>This method may consume no data from the source buffers, and
+ * yet still produce output that should be sent accross the wire;
+ * for example if this engine has not yet completed the SSL
+ * handshake, the sink buffer will be filled with handshake
+ * messages.
+ *
+ * @param sources The source buffers with application data.
+ * @param offset The offset into the source buffers to start reading
+ * application data.
+ * @param length The number of buffers to read from 'sources'.
+ * @param sink The buffer to hold the wrapped data.
+ * @return An engine result object for the operation.
+ * @throws SSLException If an SSL error occurs.
+ * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+ * @throws IllegalArgumentException If either 'sources' or 'sink' is
+ * null.
+ * @throws IllegalStateException If this engine has not been put
+ * into client or server mode.
+ * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+ * negative, or if 'length+offset' is greater than 'sources.length'.
+ */
+ public abstract SSLEngineResult wrap (ByteBuffer[] sources, int offset,
+ int length, ByteBuffer sink)
+ throws SSLException;
+
+}