Diffstat (limited to 'libjava/javax/net/ssl')
-rw-r--r--libjava/javax/net/ssl/HandshakeCompletedEvent.java152
-rw-r--r--libjava/javax/net/ssl/HandshakeCompletedListener.java57
-rw-r--r--libjava/javax/net/ssl/HostnameVerifier.java64
-rw-r--r--libjava/javax/net/ssl/HttpsURLConnection.java256
-rw-r--r--libjava/javax/net/ssl/KeyManager.java51
-rw-r--r--libjava/javax/net/ssl/KeyManagerFactory.java281
-rw-r--r--libjava/javax/net/ssl/KeyManagerFactorySpi.java102
-rw-r--r--libjava/javax/net/ssl/ManagerFactoryParameters.java50
-rw-r--r--libjava/javax/net/ssl/SSLContext.java269
-rw-r--r--libjava/javax/net/ssl/SSLContextSpi.java109
-rw-r--r--libjava/javax/net/ssl/SSLException.java59
-rw-r--r--libjava/javax/net/ssl/SSLHandshakeException.java51
-rw-r--r--libjava/javax/net/ssl/SSLKeyException.java52
-rw-r--r--libjava/javax/net/ssl/SSLPeerUnverifiedException.java51
-rw-r--r--libjava/javax/net/ssl/SSLPermission.java66
-rw-r--r--libjava/javax/net/ssl/SSLProtocolException.java53
-rw-r--r--libjava/javax/net/ssl/SSLServerSocket.java188
-rw-r--r--libjava/javax/net/ssl/SSLServerSocketFactory.java172
-rw-r--r--libjava/javax/net/ssl/SSLSession.java168
-rw-r--r--libjava/javax/net/ssl/SSLSessionBindingEvent.java94
-rw-r--r--libjava/javax/net/ssl/SSLSessionBindingListener.java65
-rw-r--r--libjava/javax/net/ssl/SSLSessionContext.java103
-rw-r--r--libjava/javax/net/ssl/SSLSocket.java229
-rw-r--r--libjava/javax/net/ssl/SSLSocketFactory.java192
-rw-r--r--libjava/javax/net/ssl/TrivialHostnameVerifier.java51
-rw-r--r--libjava/javax/net/ssl/TrustManager.java47
-rw-r--r--libjava/javax/net/ssl/TrustManagerFactory.java279
-rw-r--r--libjava/javax/net/ssl/TrustManagerFactorySpi.java88
-rw-r--r--libjava/javax/net/ssl/X509KeyManager.java108
-rw-r--r--libjava/javax/net/ssl/X509TrustManager.java76
30 files changed, 3583 insertions, 0 deletions
diff --git a/libjava/javax/net/ssl/HandshakeCompletedEvent.java b/libjava/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 00000000000..6171ebc48e7
--- /dev/null
+++ b/libjava/javax/net/ssl/HandshakeCompletedEvent.java
@@ -0,0 +1,152 @@
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ /** Serialization constant. */
+ private static final long serialVersionUID = 7914963744257769778L;
+
+ /** The session. */
+ private transient final SSLSession session;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new handshake completed event.
+ *
+ * @param socket The socket (also the source) creating this event.
+ * @param session The associated session object.
+ * @throws NullPointerException If <i>session</i> is null.
+ */
+ public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+ {
+ super(socket);
+ if (session == null)
+ throw new NullPointerException();
+ this.session = session;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name of the cipher that was negotiated in this
+ * connection.
+ *
+ * @return The negotiated cipher name.
+ */
+ public String getCipherSuite()
+ {
+ if (session != null)
+ return session.getCipherSuite();
+ return null;
+ }
+
+ /**
+ * Returns the local certificates being used in this connection.
+ *
+ * @return The local certificates.
+ */
+ public Certificate[] getLocalCertificates()
+ {
+ if (session != null)
+ return session.getLocalCertificates();
+ return null;
+ }
+
+ /**
+ * Returns the peer's certificates being used in this connection.
+ *
+ * @return The peer's certificates.
+ * @throws SSLPeerUnverifiedException If the peer has not been
+ * verified.
+ */
+ public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificates();
+ return null;
+ }
+
+ public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+ {
+ if (session != null)
+ return session.getPeerCertificateChain();
+ return null;
+ }
+
+ /**
+ * Returns the SSL session object associated with this connection.
+ *
+ * @return The session object.
+ */
+ public SSLSession getSession()
+ {
+ return session;
+ }
+
+ /**
+ * Returns the socket over which this connection is being
+ * negotiated. This method is equivalent to the {@link
+ * java.util.EventObject#getSource()} method.
+ *
+ * @return The socket.
+ */
+ public SSLSocket getSocket()
+ {
+ return (SSLSocket) getSource();
+ }
+}
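Review bot: The `if (session != null)` guards in the four delegating getters can only fail after deserialization, because the constructor rejects a null session and the field is `transient final`; in that state `getPeerCertificates()` and `getPeerCertificateChain()` return `null` instead of signalling that no verified peer is available. A caller that reads a normal return as "peer verified" would then proceed without a chain, so these two should fail closed, e.g. `if (session == null) throw new SSLPeerUnverifiedException("no session");`. `getPeerCertificateChain()` is also the only public method here without Javadoc; a comment stating that it returns the peer chain as `javax.security.cert.X509Certificate` objects and throws `SSLPeerUnverifiedException` when the peer is unverified would match its siblings.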
diff --git a/libjava/javax/net/ssl/HandshakeCompletedListener.java b/libjava/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 00000000000..5b79bf973d8
--- /dev/null
+++ b/libjava/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,57 @@
+/* HandshakeCompletedListener.java -- listens for handshake events.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+ /**
+ * Called when the handshake phase of the SSL protocol completes.
+ *
+ * @param event The event describing the new connection.
+ */
+ void handshakeCompleted(HandshakeCompletedEvent event);
+}
diff --git a/libjava/javax/net/ssl/HostnameVerifier.java b/libjava/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 00000000000..a45648effb3
--- /dev/null
+++ b/libjava/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,64 @@
+/* HostnameVerifier.java -- verifies disparate hostnames.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+ /**
+ * Verifies a hostname given a particular SSL session. This method
+ * should return <code>true</code> if the hostname is an accepted
+ * alias for the hostname negotiated in the SSL handshake.
+ *
+ * @param hostname The hostname in question.
+ * @param session The current SSL session.
+ * @return <code>true</code> if the hostname is acceptable.
+ */
+ boolean verify(String hostname, SSLSession session);
+}
diff --git a/libjava/javax/net/ssl/HttpsURLConnection.java b/libjava/javax/net/ssl/HttpsURLConnection.java
new file mode 100644
index 00000000000..a7b86c184b4
--- /dev/null
+++ b/libjava/javax/net/ssl/HttpsURLConnection.java
@@ -0,0 +1,256 @@
+/* HttpsURLConnection.java -- an HTTPS connection.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.cert.Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+ // Fields.
+ // ------------------------------------------------------------------
+
+ /** The default verifier. */
+ private static HostnameVerifier defaultVerifier;
+
+ /** The default factory. */
+ private static SSLSocketFactory defaultFactory;
+
+ /**
+ * The hostname verifier used for this connection.
+ */
+ protected HostnameVerifier hostnameVerifier;
+
+ /**
+ * This connection's socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ // Static initializer.
+ // ------------------------------------------------------------------
+
+ static {
+ defaultVerifier = new TrivialHostnameVerifier();
+ try
+ {
+ defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ }
+ }
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Creates a new HTTPS URL connection.
+ *
+ * @param url The URL of the connection being established.
+ * @throws IOException If the connection cannot be established.
+ */
+ protected HttpsURLConnection(URL url) throws IOException
+ {
+ super(url);
+ hostnameVerifier = defaultVerifier;
+ factory = defaultFactory;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the default hostname verifier used in all new
+ * connections.
+ *
+ * @return The default hostname verifier.
+ */
+ public static HostnameVerifier getDefaultHostnameVerifier()
+ {
+ return defaultVerifier;
+ }
+
+ /**
+ * Sets the default hostname verifier to be used in all new
+ * connections.
+ *
+ * @param newDefault The new default hostname verifier.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * currently installed and the caller does not have the {@link
+ * SSLPermission} "setHostnameVerifier".
+ */
+ public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default verifier cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+ defaultVerifier = newDefault;
+ }
+
+ /**
+ * Returns the default SSL socket factory used in all new
+ * connections.
+ *
+ * @return The default SSL socket factory.
+ */
+ public static SSLSocketFactory getDefaultSSLSocketFactory()
+ {
+ return defaultFactory;
+ }
+
+ /**
+ * Sets the default SSL socket factory to be used in all new
+ * connections.
+ *
+ * @param newDefault The new socket factory.
+ * @throws IllegalArgumentException If <i>newDefault</i> is null.
+ * @throws SecurityException If there is a security manager
+ * installed and a call to {@link
+ * SecurityManager#checkSetFactory()} fails.
+ */
+ public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+ {
+ if (newDefault == null)
+ throw new IllegalArgumentException("default factory cannot be null");
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkSetFactory();
+ defaultFactory = newDefault;
+ }
+
+ // Instance methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Returns the current hostname verifier for this instance.
+ *
+ * @return The hostname verifier.
+ */
+ public HostnameVerifier getHostnameVerifier()
+ {
+ return hostnameVerifier;
+ }
+
+ /**
+ * Sets the hostname verifier for this instance.
+ *
+ * @param hostnameVerifier The new verifier.
+ * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+ * null.
+ */
+ public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+ {
+ if (hostnameVerifier == null)
+ throw new IllegalArgumentException("verifier cannot be null");
+ this.hostnameVerifier = hostnameVerifier;
+ }
+
+ /**
+ * Returns the current SSL socket factory for this instance.
+ *
+ * @return The current SSL socket factory.
+ */
+ public SSLSocketFactory getSSLSocketFactory()
+ {
+ return factory;
+ }
+
+ /**
+ * Sets the SSL socket factory for this instance.
+ *
+ * @param factory The new factory.
+ * @throws IllegalArgumentException If <i>factory</i> is null.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory)
+ {
+ if (factory == null)
+ throw new IllegalArgumentException("factory cannot be null");
+ this.factory = factory;
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the cipher name negotiated for this connection.
+ *
+ * @return The cipher name.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract String getCipherSuite();
+
+ /**
+ * Returns the certificates used on the local side in this
+ * connection.
+ *
+ * @return The local certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ */
+ public abstract Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the certificates sent by the other party.
+ *
+ * @return The peer's certificates.
+ * @throws IllegalStateException If the connection has not yet been
+ * established.
+ * @throws SSLPeerUnverifiedException If the peer could not be
+ * verified.
+ */
+ public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
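Review bot: The static initializer's `catch (Throwable t)` only prints the stack trace, so when `SSLSocketFactory.getDefault()` fails `defaultFactory` stays null and every constructor call copies that null into `factory`, although both setters refuse null. The failure then surfaces later, far from its cause, and the catch also hides `Error`s. Resolving the default lazily keeps the non-null invariant, for example in `getDefaultSSLSocketFactory()`: `if (defaultFactory == null) defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();`, with the constructor calling that getter. Separately, `defaultVerifier` and `defaultFactory` are plain static fields written by the permission-checked setters without synchronization, so a newly installed default may not be visible to other threads; declaring them `volatile` or synchronizing the accessors would address that.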
diff --git a/libjava/javax/net/ssl/KeyManager.java b/libjava/javax/net/ssl/KeyManager.java
new file mode 100644
index 00000000000..083f3f592ed
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManager.java
@@ -0,0 +1,51 @@
+/* KeyManager.java -- marker interface for key manager classes.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
diff --git a/libjava/javax/net/ssl/KeyManagerFactory.java b/libjava/javax/net/ssl/KeyManagerFactory.java
new file mode 100644
index 00000000000..a166f60aa43
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManagerFactory.java
@@ -0,0 +1,281 @@
+/* KeyManagerFactory.java -- factory for key managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+import gnu.java.security.Engine;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** The service name for key manager factories. */
+ private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine. */
+ private final KeyManagerFactorySpi kmfSpi;
+
+ /** The provider of this implementation. */
+ private final Provider provider;
+
+ /** The name of this algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new key manager factory.
+ *
+ * @param kmfSpi The underlying engine.
+ * @param provider The engine's provider.
+ * @param algorithm The name of this algorithm.
+ */
+ protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.kmfSpi = kmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get the default algorithm name. This value may be specified at
+ * run-time via the security property
+ * "ssl.KeyManagerFactory.algorithm". If this property is
+ * not specified, this method returns "JessieX509".
+ *
+ * @return The default key manager factory algorithm's name.
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the first
+ * provider that implements it.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @return An appropriate implementation of that algoritm.
+ * @throws NoSuchAlgorithmException If no provider implements the
+ * requested algorithm.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the named
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ throw new NoSuchProviderException(provider);
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Get an instance of the named key manager factory, from the given
+ * provider.
+ *
+ * @param algorithm The type of key manager factory to get.
+ * @param provider The provider to get the implementation from.
+ * @return An appropriate implementation of that algorithm.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the requested algorithm.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ throw new IllegalArgumentException("provider is null");
+ try
+ {
+ return new KeyManagerFactory((KeyManagerFactorySpi)
+ Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the name of this key manager factory algorithm.
+ *
+ * @return The name of this key manager factory algorithm.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Get an array of key managers appropriate for this algorithm, with
+ * the most preferred manager first.
+ *
+ * @return The array of key managers.
+ */
+ public final KeyManager[] getKeyManagers()
+ {
+ return kmfSpi.engineGetKeyManagers();
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Initialize this instance with an implementation-dependent
+ * parameter object.
+ *
+ * @param params The parameters to initialize with.
+ * @throws InvalidAlgorithmParameterException If the specified
+ * parameters are inappropriate.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ kmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store and a password for
+ * private key entries.
+ *
+ * @param store The key store to read.
+ * @param passwd The password protecting private keys in the store.
+ * @throws KeyStoreException If an error occurs reading the keys.
+ * @throws NoSuchAlgorithmException If an algorithm (such as a
+ * certificate algorithm) is not available.
+ * @throws UnrecoverableKeyException If the password is incorrect.
+ */
+ public final void init(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+ {
+ kmfSpi.engineInit(store, passwd);
+ }
+}
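Review bot: In `getInstance(String, Provider)` both catch blocks throw `new NoSuchAlgorithmException(algorithm)` and drop the caught exception, so a provider whose engine constructor failed or returned the wrong type looks the same as one that lacks the algorithm. Attaching the cause keeps the failure diagnosable: `NoSuchAlgorithmException nsae = new NoSuchAlgorithmException(algorithm); nsae.initCause(ite); throw nsae;` (and likewise for `cce`). The empty `catch (SecurityException se)` in `getDefaultAlgorithm()` deserves a comment saying the fallback to the built-in default is intentional. The comment on `DEFAULT_ALGORITHM` says "trust manager" where this class deals with key managers, and the `getInstance(String, String)` Javadoc omits the `IllegalArgumentException` thrown for a null provider name.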
diff --git a/libjava/javax/net/ssl/KeyManagerFactorySpi.java b/libjava/javax/net/ssl/KeyManagerFactorySpi.java
new file mode 100644
index 00000000000..3ed978f356c
--- /dev/null
+++ b/libjava/javax/net/ssl/KeyManagerFactorySpi.java
@@ -0,0 +1,102 @@
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public KeyManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Engine method for retrieving this factory's key managers.
+ *
+ * @return The key managers.
+ */
+ protected abstract KeyManager[] engineGetKeyManagers();
+
+ /**
+ * Engine method for initializing this factory with some
+ * algorithm-specific parameters.
+ *
+ * @param params The factory parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method for initializing this factory with a key store and a
+ * password for private keys. Either parameter may be <code>null</code>,
+ * in which case some default parameters (possibly derived from system
+ * properties) should be used.
+ *
+ * @param store The key store.
+ * @param passwd The private key password.
+ * @throws KeyStoreException If the key store cannot be accessed.
+ * @throws NoSuchAlgorithmException If some of the data from the key
+ * store cannot be retrieved.
+ * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+ * likely from a wrong password.
+ */
+ protected abstract void engineInit(KeyStore store, char[] passwd)
+ throws KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException;
+}
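Review bot: The Javadoc on `engineInit(KeyStore, char[])` lets a null `passwd` fall back to defaults "possibly derived from system properties", but it does not say how a provider should treat the password array it is handed. Since this text is the contract that providers implement, I would add a sentence such as `Implementations should not retain or log <code>passwd</code>; the caller may clear the array once this method returns.` and name the properties that are consulted, if this library fixes any. The public constructor also has no Javadoc, unlike the one in `SSLContextSpi` later in this commit.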
diff --git a/libjava/javax/net/ssl/ManagerFactoryParameters.java b/libjava/javax/net/ssl/ManagerFactoryParameters.java
new file mode 100644
index 00000000000..6d3e008dea9
--- /dev/null
+++ b/libjava/javax/net/ssl/ManagerFactoryParameters.java
@@ -0,0 +1,50 @@
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
diff --git a/libjava/javax/net/ssl/SSLContext.java b/libjava/javax/net/ssl/SSLContext.java
new file mode 100644
index 00000000000..45e01c3c7be
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLContext.java
@@ -0,0 +1,269 @@
+/* SSLContext.java -- an SSL protocol context.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+
+ // Constants and fields.
+ // ------------------------------------------------------------------
+
+ /** Service name for SSL contexts. */
+ private static final String SSL_CONTEXT = "SSLContext";
+
+ /** The underlying engine. */
+ private final SSLContextSpi ctxSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The protocal name. */
+ private final String protocol;
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ /**
+ * Create a new SSL context.
+ *
+ * @param ctxSpi The context engine.
+ * @param provider The provider of the implementation.
+ * @param protocol The name of the SSL protocol.
+ */
+ protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+ String protocol)
+ {
+ this.ctxSpi = ctxSpi;
+ this.provider = provider;
+ this.protocol = protocol;
+ }
+
+ // Class methods.
+ // ------------------------------------------------------------------
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * first provider that implements it.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @return The new context.
+ * @throws NoSuchAlgorithm If no provider implements the given
+ * protocol.
+ */
+ public static final SSLContext getInstance(String protocol)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(protocol, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(protocol);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * named provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws NoSuchProviderException If the named provider does not
+ * exist.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(protocol, p);
+ }
+
+ /**
+ * Get an instance of a context for the specified protocol from the
+ * specified provider.
+ *
+ * @param protocol The name of the protocol to get a context for.
+ * @param provider The name of the provider to get the
+ * implementation from.
+ * @return The new context.
+ * @throws NoSuchAlgorithmException If the provider does not
+ * implement the given protocol.
+ * @throws IllegalArgumentException If <i>provider</i> is null.
+ */
+ public static final SSLContext getInstance(String protocol,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ try
+ {
+ return new SSLContext((SSLContextSpi)
+ Engine.getInstance(SSL_CONTEXT, protocol, provider),
+ provider, protocol);
+ }
+ catch (InvocationTargetException ite)
+ {
+ ite.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ catch (ClassCastException cce)
+ {
+ cce.printStackTrace();
+ throw new NoSuchAlgorithmException();
+ }
+ }
+
+ // Instance methods.
+ // -----------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL contexts available for client connections.
+ *
+ * @return The set of SSL contexts available for client connections.
+ */
+ public final SSLSessionContext getClientSessionContext()
+ {
+ return ctxSpi.engineGetClientSessionContext();
+ }
+
+ /**
+ * Returns the protocol name of this context.
+ *
+ * @return The protocol name of this context.
+ */
+ public final String getProtocol()
+ {
+ return protocol;
+ }
+
+ /**
+ * Returns the provider of this implementation.
+ *
+ * @return The provider of this implementation.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the set of SSL contexts available for server connections.
+ *
+ * @return The set of SSL contexts available for server connections.
+ */
+ public final SSLSessionContext getServerSessionContext()
+ {
+ return ctxSpi.engineGetServerSessionContext();
+ }
+
+ /**
+ * Returns the factory for server SSL sockets.
+ *
+ * @return The factory for server SSL sockets.
+ */
+ public final SSLServerSocketFactory getServerSocketFactory()
+ {
+ return ctxSpi.engineGetServerSocketFactory();
+ }
+
+ /**
+ * Returns the factory for client SSL sockets.
+ *
+ * @return The factory for client SSL sockets.
+ */
+ public final SSLSocketFactory getSocketFactory()
+ {
+ return ctxSpi.engineGetSocketFactory();
+ }
+
+ /**
+ * Initializes this context and prepares it for producing socket
+ * factories. All of the parameters are optional; default values are
+ * used if left unspecified.
+ *
+ * @param keyManagers The set of key managers to use.
+ * @param trustManagers The set of trust managers to use.
+ * @param random A source of random bits to use.
+ * @throws KeyManagementException If initialization fails.
+ */
+ public final void init(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException
+ {
+ ctxSpi.engineInit(keyManagers, trustManagers, random);
+ }
+}
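Review bot: In `getInstance(String, Provider)` both catch blocks call `printStackTrace()` and then throw `new NoSuchAlgorithmException()` with no message, so a library call writes to stderr while the caller gets an exception that names neither the protocol nor the cause. I would drop the `printStackTrace()` calls and use `throw new NoSuchAlgorithmException(protocol);`, chaining the caught exception with `initCause` if the targeted class library has it; that matches what the one-argument `getInstance` already throws. The same method documents `IllegalArgumentException` for a null provider but has no check of its own; presumably `Engine.getInstance` performs it, which is worth confirming or making explicit with `if (provider == null) throw new IllegalArgumentException();` as the String overload does. The one-argument overload's tag `@throws NoSuchAlgorithm` should read `@throws NoSuchAlgorithmException`.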
diff --git a/libjava/javax/net/ssl/SSLContextSpi.java b/libjava/javax/net/ssl/SSLContextSpi.java
new file mode 100644
index 00000000000..ecac1cbc5af
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLContextSpi.java
@@ -0,0 +1,109 @@
+/* SSLContextSpi.java -- SPI for SSL contexts.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Create a new SSLContextSpi.
+ */
+ public SSLContextSpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------
+
+ /**
+ * Returns the set of SSL sessions available for client connections.
+ *
+ * @return The set of SSL sessions available for client connections.
+ */
+ protected abstract SSLSessionContext engineGetClientSessionContext();
+
+ /**
+ * Returns the set of SSL sessions available for server connections.
+ *
+ * @return The set of SSL sessions available for server connections.
+ */
+ protected abstract SSLSessionContext engineGetServerSessionContext();
+
+ /**
+ * Returns the SSL server socket factory.
+ *
+ * @return The SSL server socket factory.
+ */
+ protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+ /**
+ * Returns the SSL client socket factory.
+ *
+ * @return The SSL client socket factory.
+ */
+ protected abstract SSLSocketFactory engineGetSocketFactory();
+
+ /**
+ * Initialize this context with key and trust managers, and a source
+ * of randomness. All of the parameters are optional.
+ *
+ * @param keyManagers The set of key managers.
+ * @param trustManagers The set of trust managers.
+ * @param random The source of randomness.
+ * @throws KeyManagementException If this context cannot be
+ * initialized with these parameters.
+ */
+ protected abstract void engineInit(KeyManager[] keyManagers,
+ TrustManager[] trustManagers,
+ SecureRandom random)
+ throws KeyManagementException;
+}
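Review bot: The Javadoc for `engineInit` says all parameters are optional but does not tell a provider what a null `trustManagers` must mean, and that choice decides whether the peer is authenticated at all. I would state the expected fallback in the contract, for example `If <code>trustManagers</code> is null the implementation must use its default trust managers; it must not skip peer certificate validation.`, and say the same for a null `random`. `SSLContext.init` in this commit says "default values are used if left unspecified", so the two descriptions should agree.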
diff --git a/libjava/javax/net/ssl/SSLException.java b/libjava/javax/net/ssl/SSLException.java
new file mode 100644
index 00000000000..0a33b458fa5
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLException.java
@@ -0,0 +1,59 @@
+/* SSLException.java -- generic SSL exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLException extends IOException
+{
+
+ // Constructor.
+ // ------------------------------------------------------------------
+
+ public SSLException(String message)
+ {
+ super(message);
+ }
+}
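Review bot: `SSLException` extends `IOException` and is therefore serializable, but it declares no `serialVersionUID`, whereas `SSLPermission` in this commit does. I would add `private static final long serialVersionUID = <VALUE>L;`, where `<VALUE>` is a placeholder for the ID of the serialized form this library aims to be compatible with (not shown on this page), so that the ID does not depend on the compiler. The same applies to `SSLHandshakeException`, `SSLKeyException`, `SSLPeerUnverifiedException` and `SSLProtocolException` below. The constructors of all five classes also lack Javadoc; a one-line description with `@param message` would do.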
diff --git a/libjava/javax/net/ssl/SSLHandshakeException.java b/libjava/javax/net/ssl/SSLHandshakeException.java
new file mode 100644
index 00000000000..c0f2c5cbb8f
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLHandshakeException.java
@@ -0,0 +1,51 @@
+/* SSLHandshakeException.java -- exception in SSL handshake.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+ public SSLHandshakeException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLKeyException.java b/libjava/javax/net/ssl/SSLKeyException.java
new file mode 100644
index 00000000000..c60cac19fe6
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLKeyException.java
@@ -0,0 +1,52 @@
+/* SSLKeyException.java -- exception in using a key in SSL.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+ public SSLKeyException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLPeerUnverifiedException.java b/libjava/javax/net/ssl/SSLPeerUnverifiedException.java
new file mode 100644
index 00000000000..1b3acbc2497
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLPeerUnverifiedException.java
@@ -0,0 +1,51 @@
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+ public SSLPeerUnverifiedException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLPermission.java b/libjava/javax/net/ssl/SSLPermission.java
new file mode 100644
index 00000000000..3771eaf9828
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLPermission.java
@@ -0,0 +1,66 @@
+/* SSLPermission.java -- SSL permission class.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public class SSLPermission extends BasicPermission
+{
+
+ // Constant.
+ // -------------------------------------------------------------------------
+
+ private static final long serialVersionUID = -3456898025505876775L;
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ public SSLPermission(String name)
+ {
+ super(name);
+ }
+
+ public SSLPermission(String name, String actions)
+ {
+ super(name, actions);
+ }
+}
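Review bot: Both constructors are undocumented, and the class comment says neither which permission names exist nor that `actions` has no effect. `BasicPermission` ignores its actions argument, so I would add Javadoc along the lines of `@param actions Ignored; should be null.` and list in the class comment the target names that the rest of the package checks. Without that, someone writing a policy file cannot tell from this class what they are granting.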
diff --git a/libjava/javax/net/ssl/SSLProtocolException.java b/libjava/javax/net/ssl/SSLProtocolException.java
new file mode 100644
index 00000000000..16a1457ab3e
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLProtocolException.java
@@ -0,0 +1,53 @@
+/* SSLProtocolException.java -- exception in SSL protocol.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+ public SSLProtocolException(String message)
+ {
+ super(message);
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLServerSocket.java b/libjava/javax/net/ssl/SSLServerSocket.java
new file mode 100644
index 00000000000..fee99f48e4b
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLServerSocket.java
@@ -0,0 +1,188 @@
+/* SSLServerSocket.java -- a server socket for SSL connections.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A server socket that allows clients to connect via the SSL protocol.
+ */
+public abstract class SSLServerSocket extends ServerSocket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocket() throws IOException
+ {
+ super();
+ //super(0);
+ //throw new UnsupportedOperationException("1.4 socket methods not enabled");
+ }
+
+ protected SSLServerSocket(int port) throws IOException
+ {
+ super(port);
+ }
+
+ protected SSLServerSocket(int port, int backlog) throws IOException
+ {
+ super(port, backlog);
+ }
+
+ protected SSLServerSocket(int port, int backlog, InetAddress bindAddress)
+ throws IOException
+ {
+ super(port, backlog, bindAddress);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cihper suites that are currently enabled in this
+ * server socket. Sockets accepted by this server socket will only have
+ * these suites enabled.
+ *
+ * @return The enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list enabled cipher suites.
+ *
+ * @param suites The cipher suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1".
+ *
+ * @return The enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created, i.e., whether or not
+ * this server socket will allow SSL session resumption.
+ *
+ * @return True if sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created.
+ *
+ * @param enabled The new enabled value.
+ */
+ public abstract void setEnableSessionCreation(boolean enabled);
+
+ /**
+ * Returns whether or not this server socket will require clients to
+ * authenticate themselves, such as through a certificate.
+ *
+ * @return True if clients must authenticate themselves.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Enabled or disables the requirement that clients authenticate themselves.
+ * When this is set to <code>true</code>, connections will be rejected if
+ * connecting clients do not provide proper authentication.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns whether or not sockets accepted by this server socket will do
+ * their handshake as the client-side. The default is false.
+ *
+ * @return True if client mode will be used.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not sockets accepted by this server socket will be
+ * created in client mode.
+ *
+ * @param clientMode The new client mode value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will ask for, but not require, that
+ * connecting clients authenticate themselves. Clients that do not
+ * provide authentication they will still be allowed to connect.
+ *
+ * @return True if this server socket wants client authentication.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this server socket will want client authentication.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Returns a list of cipher suites that this server socket supports.
+ *
+ * @return The list of supported suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns a list of SSL protocols supported by this server socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+}
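Review bot: The Javadoc on `setNeedClientAuth` and `setWantClientAuth` does not say how the two settings interact, and the same gap is in the matching setters of the SSLSocket.java hunk further down. In the standard javax.net.ssl API the two are mutually exclusive: a call to either one overrides the earlier setting of the other, so a server that calls `setNeedClientAuth(true)` and later `setWantClientAuth(true)` ends up accepting clients that present no credentials. If implementations of this class are meant to follow that contract, add a sentence such as `Calling this method overrides any previous setting made by this method or by setNeedClientAuth.` to both setters (with the names swapped as appropriate). The comment on `getEnabledCipherSuites` also misspells "cipher" as "cihper", and the commented-out `super(0)` and `throw` lines in the no-argument constructor should be either removed or explained.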
diff --git a/libjava/javax/net/ssl/SSLServerSocketFactory.java b/libjava/javax/net/ssl/SSLServerSocketFactory.java
new file mode 100644
index 00000000000..ef82d146294
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLServerSocketFactory.java
@@ -0,0 +1,172 @@
+/* SSLServerSocketFactory.java -- factory for SSL server sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyStore;
+import java.security.Security;
+import javax.net.ServerSocketFactory;
+
+/**
+ * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * server sockets.
+ */
+public abstract class SSLServerSocketFactory extends ServerSocketFactory
+{
+
+ // Field.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ protected SSLServerSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL server socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.ServerSocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of server socket factories.</p>
+ *
+ * @return The default server socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized ServerSocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.ServerSocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (ServerSocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default server socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getServerSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the list of cipher suites that will be enabled in server sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
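Review bot: `getDefault()` discards every failure on the way to the default context. The empty `catch (Exception e)` after the `ssl.ServerSocketFactory.provider` lookup means an unloadable or wrongly typed provider class silently falls through to the built-in context, and the two empty catches around the key and trust manager factories leave `km` and `tm` null without any trace. For a TLS factory this makes a broken configuration indistinguishable from a working one, so the provider-loading failure should be reported or rethrown, and the context failure should keep its cause (for example by calling `initCause(ex)` on the `RuntimeException` before throwing it) instead of flattening it with `ex.toString()`. The protocol name is also fixed in `SSLContext.getInstance("SSLv3")`, which deserves at least a comment on why that name is the default. The final message names the wrong class and should read `"no SSLServerSocketFactory implementation available"`.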
diff --git a/libjava/javax/net/ssl/SSLSession.java b/libjava/javax/net/ssl/SSLSession.java
new file mode 100644
index 00000000000..14797f083a7
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSession.java
@@ -0,0 +1,168 @@
+/* SSLSession.java -- an SSL session.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+import javax.security.cert.X509Certificate;
+
+/**
+ * An SSL session is a mechanism through which connections can be established
+ * by re-using previously negotiated handshakes.
+ */
+public interface SSLSession
+{
+
+ /**
+ * Returns this session's cihper suite.
+ *
+ * @return The cipher suite.
+ */
+ String getCipherSuite();
+
+ /**
+ * Returns the time in milliseconds since midnight GMT, 1 January 1970, that
+ * this session was created.
+ *
+ * @return The creation time.
+ */
+ long getCreationTime();
+
+ /**
+ * Returns this session's unique identifier, a arbitrary byte array of up
+ * to 32 bytes.
+ *
+ * @return The session identifier.
+ */
+ byte[] getId();
+
+ /**
+ * Returns the last time this session was accessed.
+ *
+ * @return The lest time this session was accessed.
+ */
+ long getLastAccessedTime();
+
+ /**
+ * Returns the chain of certificates that the local side used in the
+ * handshake, or null if none were used.
+ *
+ * @return The local certificate chain.
+ */
+ Certificate[] getLocalCertificates();
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the chain of certificates that the remote side used in
+ * the handshake, or null if none were used.
+ *
+ * @return The peer's certificate chain.
+ * @throws SSLPeerUnverifiedException If the identity of the peer has
+ * not been verified.
+ */
+ X509Certificate[] getPeerCertificateChain()
+ throws SSLPeerUnverifiedException;
+
+ /**
+ * Returns the remote host's name.
+ *
+ * @return The name of the remote host.
+ */
+ String getPeerHost();
+
+ /**
+ * Returns the protocol this session uses.
+ *
+ * @return The protocol.
+ */
+ String getProtocol();
+
+ /**
+ * Returns this session's session context object.
+ *
+ * @return The session context.
+ * @throws SecurityException If the caller does not have the
+ * {@link SSLPermission} "getSessionContext".
+ */
+ SSLSessionContext getSessionContext();
+
+ /**
+ * Returns the names of all values bound to this session.
+ *
+ * @return The list of bound names.
+ */
+ String[] getValueNames();
+
+ /**
+ * Returns the object bound to the given name.
+ *
+ * @param name The name of the value to get.
+ * @return The object bound by that name, or null.
+ */
+ Object getValue(String name);
+
+ /**
+ * Invalidates this session, ensuring that it will not be continued by
+ * another socket.
+ */
+ void invalidate();
+
+ /**
+ * Binds a value to this session, with the given name.
+ *
+ * @param name The name to bind the object with.
+ * @param value The value to bind.
+ */
+ void putValue(String name, Object value);
+
+ /**
+ * Un-binds a value.
+ *
+ * @param name The name of the value to un-bind.
+ */
+ void removeValue(String name);
+}
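Review bot: The Javadoc for `getPeerCertificates()` and `getPeerCertificateChain()` promises both "null if none were used" and an `SSLPeerUnverifiedException` when the peer is unverified, so a caller cannot tell which outcome to expect for a peer that sent no certificate. Code making an authorization decision needs one documented outcome; the standard API throws rather than returning null, and if implementations here follow it the `or null if none were used` clause should be dropped from both comments. `getPeerCertificateChain()` also repeats the same text without saying that it returns the older `javax.security.cert.X509Certificate` type. `getPeerHost()` would benefit from a caveat along the lines of `This value is not authenticated and should not be relied upon for access decisions.` Typos to fix in the same pass: "cihper", "a arbitrary", "lest time".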
diff --git a/libjava/javax/net/ssl/SSLSessionBindingEvent.java b/libjava/javax/net/ssl/SSLSessionBindingEvent.java
new file mode 100644
index 00000000000..e0d27efa657
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionBindingEvent.java
@@ -0,0 +1,94 @@
+/* SSLSessionBindingEvent.java -- SSL binding event.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventObject;
+
+/**
+ * An event raised by {@link SSLSession} objects when objects are bound to
+ * them.
+ */
+public class SSLSessionBindingEvent extends EventObject
+{
+
+ // Fields.
+ // -------------------------------------------------------------------
+
+ private static final long serialVersionUID = 3989172637106345L;
+
+ private final String name;
+
+ // Constructor.
+ // -------------------------------------------------------------------
+
+ /**
+ * Creates a new binding event.
+ *
+ * @param session The session being bound to.
+ * @param name The name the object was bound under.
+ */
+ public SSLSessionBindingEvent(SSLSession session, String name)
+ {
+ super(session);
+ this.name = name;
+ }
+
+ // Instance methods.
+ // --------------------------------------------------------------------
+
+ /**
+ * Returns the name the object was bound under.
+ *
+ * @return The name.
+ */
+ public String getName()
+ {
+ return name;
+ }
+
+ /**
+ * Returns the session that the object was bound to.
+ *
+ * @return The session.
+ */
+ public SSLSession getSession()
+ {
+ return (SSLSession) getSource();
+ }
+}
diff --git a/libjava/javax/net/ssl/SSLSessionBindingListener.java b/libjava/javax/net/ssl/SSLSessionBindingListener.java
new file mode 100644
index 00000000000..2e2432d4aab
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionBindingListener.java
@@ -0,0 +1,65 @@
+/* SSLSessionBindingListener.java -- listener for SSL bindings.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+
+/**
+ * An event listener interface that should be notified when it is bound or
+ * unbound to a {@link SSLSession}.
+ */
+public interface SSLSessionBindingListener extends EventListener
+{
+
+ /**
+ * This method is called of all objects when they are bound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueBound(SSLSessionBindingEvent event);
+
+ /**
+ * This method is called of all objects when they are unbound to an SSL
+ * session.
+ *
+ * @param event The binding event.
+ */
+ void valueUnbound(SSLSessionBindingEvent event);
+}
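Review bot: The method comments read "This method is called of all objects when they are bound", which does not say what is called or on which object. Suggested wording for `valueBound` is `Called on an object implementing this interface when it is bound to an SSL session.`, with `Called on an object implementing this interface when it is unbound from an SSL session.` for `valueUnbound`. If the notification is triggered by `SSLSession.putValue` and `removeValue`, as the names in SSLSession.java suggest, the comments should name those methods; that link is inferred and not shown in this hunk.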
diff --git a/libjava/javax/net/ssl/SSLSessionContext.java b/libjava/javax/net/ssl/SSLSessionContext.java
new file mode 100644
index 00000000000..0cbdeed9d1e
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSessionContext.java
@@ -0,0 +1,103 @@
+/* SSLSessionContext.java -- collection of SSL sessions.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+
+/**
+ * A collection of saved SSL sessions, with thier corresponding session
+ * IDs.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+ /**
+ * Returns an enumeration of all saved session IDs. Every element in
+ * the returned enumeration is a byte array.
+ *
+ * @return The session IDs.
+ */
+ Enumeration getIds();
+
+ /**
+ * Gets the session specified by its ID, or <code>null</code> if there
+ * is no session, or if it has expired.
+ *
+ * @param sessionId The ID of the session to get.
+ * @return The session, or <code>null</code>.
+ */
+ SSLSession getSession(byte[] sessionId);
+
+ /**
+ * Returns the maximum number of sessions that may be cached by this
+ * session context.
+ *
+ * @return The maximum number of sessions that may be cached.
+ */
+ int getSessionCacheSize();
+
+ /**
+ * Returns the period of time (in seconds) that a session may be cached
+ * for before becoming invalid.
+ *
+ * @return The time a session may be valid.
+ */
+ int getSessionTimeout();
+
+ /**
+ * Sets the maximum number of sessions that may be cached by this
+ * session context. A cache size of 0 means no limit.
+ *
+ * @param size The new cache size.
+ * @throws IllegalArgumentException If <code>size</code> is negative.
+ */
+ void setSessionCacheSize(int size);
+
+ /**
+ * Sets the period of time (in seconds) that a session may be cached
+ * for before becoming invalid. A timeout of 0 means that sessions
+ * never expire.
+ *
+ * @param seconds The new timeout.
+ * @throws IllegalArgumentException If <code>seconds</code> is negative.
+ */
+ void setSessionTimeout(int seconds);
+}
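Review bot: Only the setters document the meaning of 0 (`setSessionCacheSize`: no limit; `setSessionTimeout`: sessions never expire), while `getSessionCacheSize()` and `getSessionTimeout()` say nothing about it. A caller reading 0 from a getter could take it for "caching disabled" when, assuming the getters return what was set, it means an unbounded cache or sessions that stay resumable indefinitely. I would add `A return value of 0 means no limit.` and `A return value of 0 means sessions never expire.` to the two getters, and state in `getSession` what happens when `sessionId` is null. The interface comment also misspells "their" as "thier".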
diff --git a/libjava/javax/net/ssl/SSLSocket.java b/libjava/javax/net/ssl/SSLSocket.java
new file mode 100644
index 00000000000..8b943b9d6f3
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,229 @@
+/* SSLSocket.java -- an SSL client socket.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A socket that communicates over the secure socket layer protocol.
+ */
+public abstract class SSLSocket extends Socket
+{
+
+ // Constructors.
+ // -------------------------------------------------------------------------
+
+ protected SSLSocket()
+ {
+ super();
+ }
+
+ protected SSLSocket(String host, int port)
+ throws IOException, UnknownHostException
+ {
+ super(host, port);
+ }
+
+ protected SSLSocket(InetAddress address, int port) throws IOException
+ {
+ super(address, port);
+ }
+
+ protected SSLSocket(String host, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException, UnknownHostException
+ {
+ super(host, port, localAddr, localPort);
+ }
+
+ protected SSLSocket(InetAddress address, int port,
+ InetAddress localAddr, int localPort)
+ throws IOException
+ {
+ super(address, port, localAddr, localPort);
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Adds a handshake completed listener that wants to be notified when the
+ * SSL handshake completes.
+ *
+ * @param listener The listener to add.
+ */
+ public abstract void
+ addHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Removes a handshake listener from this socket.
+ *
+ * @param listener The listener to remove.
+ */
+ public abstract void
+ removeHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+ /**
+ * Returns the list of currently enabled cipher suites.
+ *
+ * @return The list of enabled cipher suites.
+ */
+ public abstract String[] getEnabledCipherSuites();
+
+ /**
+ * Sets the list of enabled cipher suites.
+ *
+ * @param suites The list of suites to enable.
+ */
+ public abstract void setEnabledCipherSuites(String[] suites);
+
+ /**
+ * Returns the list of enabled SSL protocols.
+ *
+ * @return The list of enabled protocols.
+ */
+ public abstract String[] getEnabledProtocols();
+
+ /**
+ * Sets the list of enabled SSL protocols.
+ *
+ * @param protocols The list of protocols to enable.
+ */
+ public abstract void setEnabledProtocols(String[] protocols);
+
+ /**
+ * Returns whether or not sessions will be created by this socket, and thus
+ * allow sessions to be continued later.
+ *
+ * @return Whether or not sessions will be created.
+ */
+ public abstract boolean getEnableSessionCreation();
+
+ /**
+ * Sets whether or not sessions will be created by this socket.
+ *
+ * @param enable The new value.
+ */
+ public abstract void setEnableSessionCreation(boolean enable);
+
+ /**
+ * Returns whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return Whether or not this socket requires client authentication.
+ */
+ public abstract boolean getNeedClientAuth();
+
+ /**
+ * Sets whether or not this socket will require connecting clients to
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param needAuth The new need auth value.
+ */
+ public abstract void setNeedClientAuth(boolean needAuth);
+
+ /**
+ * Returns this socket's session object.
+ *
+ * @return The session.
+ */
+ public abstract SSLSession getSession();
+
+ /**
+ * Returns the list of cipher suites supported by this socket.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+
+ /**
+ * Returns the list of protocols supported by this socket.
+ *
+ * @return The list of supported protocols.
+ */
+ public abstract String[] getSupportedProtocols();
+
+ /**
+ * Returns whether or not this socket will connect in client mode.
+ *
+ * @return True if this is a client socket.
+ */
+ public abstract boolean getUseClientMode();
+
+ /**
+ * Sets whether or not this socket will connect in client mode.
+ *
+ * @param clientMode The new value.
+ */
+ public abstract void setUseClientMode(boolean clientMode);
+
+ /**
+ * Returns whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @return The want client auth value.
+ */
+ public abstract boolean getWantClientAuth();
+
+ /**
+ * Sets whether or not this socket will request that connecting clients
+ * authenticate themselves. This value only applies to sockets in server
+ * mode.
+ *
+ * @param wantAuth The new want auth value.
+ */
+ public abstract void setWantClientAuth(boolean wantAuth);
+
+ /**
+ * Explicitly begins the handshake, or, if the handshake has already
+ * completed, requests that the handshake be repeated.
+ *
+ * <p>The handshake will begin implicitly when any attempt to read or
+ * write to the socket is made.</p>
+ *
+ * @throws IOException If an I/O or SSL error occurs.
+ */
+ public abstract void startHandshake() throws IOException;
+}
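Review bot: `getSession()` is documented only as "Returns this socket's session object", which leaves out what callers most need to know: whether the call starts and waits for the handshake, and what it returns when the handshake fails. In the standard API this method blocks until the handshake finishes and, on failure, returns an invalid session reporting the cipher suite `SSL_NULL_WITH_NULL_NULL` instead of throwing, so code that reads the session without checking for that can treat a failed connection as established. If implementations of this class are expected to match, the comment should say so explicitly. The five constructors carry no Javadoc at all, including whether the host/port forms connect immediately.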
diff --git a/libjava/javax/net/ssl/SSLSocketFactory.java b/libjava/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 00000000000..181ab18a1d2
--- /dev/null
+++ b/libjava/javax/net/ssl/SSLSocketFactory.java
@@ -0,0 +1,192 @@
+/* SSLSocketFactory.java -- factory for SSL client sockets.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.AccessController;
+import java.security.KeyStore;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import javax.net.SocketFactory;
+
+/**
+ * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * sockets.
+ */
+public abstract class SSLSocketFactory extends SocketFactory
+{
+
+ // Constants.
+ // -------------------------------------------------------------------------
+
+ private static SSLContext context;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public SSLSocketFactory()
+ {
+ super();
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a default implementation of a SSL socket factory.
+ *
+ * <p>To control the class that gets returned by this method, set the
+ * security property "ssl.SocketFactory.provider" to the class
+ * name of a concrete implementation of this class. If not set, a
+ * system-dependent implementation will be used.</p>
+ *
+ * <p>The implementation returned is created by the first implementation
+ * of the {@link SSLContext} class found, which is initialized with
+ * default parameters. To control the key and trust manager factory
+ * algorithms used as defaults, set the security properties
+ * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+ * to the appropriate names.</p>
+ *
+ * <p>Using this method is not recommended. Instead, use the methods of
+ * {@link SSLContext}, which provide much better control over the
+ * creation of socket factories.</p>
+ *
+ * @return The default socket factory.
+ * @throws RuntimeException If no default can be created.
+ */
+ public static synchronized SocketFactory getDefault()
+ {
+ try
+ {
+ String s = Security.getProperty("ssl.SocketFactory.provider");
+ ClassLoader cl = ClassLoader.getSystemClassLoader();
+ if (s != null && cl != null)
+ {
+ return (SocketFactory) cl.loadClass(s).newInstance();
+ }
+ }
+ catch (Exception e)
+ {
+ }
+ if (context == null)
+ {
+ KeyManager[] km = null;
+ TrustManager[] tm = null;
+
+ // 1. Determine which algorithms to use for the key and trust
+ // manager factories.
+ String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+ String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+ // 2. Try to initialize the factories with default parameters.
+ try
+ {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+ kmf.init(null, null);
+ km = kmf.getKeyManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+ try
+ {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+ tmf.init((KeyStore) null);
+ tm = tmf.getTrustManagers();
+ }
+ catch (Exception ex)
+ {
+ }
+
+ // 3. Create and initialize a context.
+ try
+ {
+ context = SSLContext.getInstance("SSLv3");
+ context.init(km, tm, null);
+ }
+ catch (Exception ex)
+ {
+ throw new RuntimeException("error instantiating default socket factory: "
+ + ex.toString());
+ }
+ }
+ try
+ {
+ return context.getSocketFactory();
+ }
+ catch (Exception e)
+ {
+ }
+ throw new RuntimeException("no SSLSocketFactory implementation available");
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a SSL socket wrapped around an existing socket.
+ *
+ * @param socket The socket to wrap.
+ * @param host The host the socket is connected to.
+ * @param port The port the socket is connected to.
+ * @param autoClose Whether or not the wrapped socket should be closed
+ * automatically.
+ * @return The new SSL socket.
+ * @throws IOException If the socket could not be created.
+ */
+ public abstract Socket createSocket(Socket socket, String host,
+ int port, boolean autoClose)
+ throws IOException;
+
+ /**
+ * Returns the list of cipher suites that will be enabled in sockets
+ * created by this factory.
+ *
+ * @return The default cipher suites.
+ */
+ public abstract String[] getDefaultCipherSuites();
+
+ /**
+ * Returns the list of all cipher suites supported by this factory.
+ *
+ * @return The list of supported cipher suites.
+ */
+ public abstract String[] getSupportedCipherSuites();
+}
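Review bot: The empty `catch (Exception ex)` blocks in `getDefault()` let the default context come up with less than was asked for. If `TrustManagerFactory.getInstance(tmAlg)` or `tmf.init((KeyStore) null)` fails, `tm` stays null and `context.init(km, tm, null)` still runs, so which peers the resulting sockets trust is left to whatever the provider does with a null trust manager array. I would fail closed in the catch around the trust manager factory, e.g. `throw new RuntimeException("error initializing default trust managers: " + ex);`, and report a failure to load the class named by "ssl.SocketFactory.provider" instead of silently falling back. The Javadoc names the properties "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm", while `TrustManagerFactory.getDefaultAlgorithm()` in this commit reads "ssl.TrustManagerFactory.algorithm"; the comment should use the spelling the lookup uses. `AccessController` and `PrivilegedAction` are imported but unused here, which suggests the `Security.getProperty` call was meant to run inside `doPrivileged` as it does in `TrustManagerFactory`.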
diff --git a/libjava/javax/net/ssl/TrivialHostnameVerifier.java b/libjava/javax/net/ssl/TrivialHostnameVerifier.java
new file mode 100644
index 00000000000..e4e2befc072
--- /dev/null
+++ b/libjava/javax/net/ssl/TrivialHostnameVerifier.java
@@ -0,0 +1,51 @@
+/* TrivialHostnameVerifier.java -- non-verifing verifier.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A hostname verifier that always rejects mismatched hostnames.
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+ public boolean verify(String hostname, SSLSession session)
+ {
+ return false;
+ }
+}
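Review bot: The header comment calls this class a "non-verifing verifier", which reads as accept-everything, while `verify` returns false on every call; the two descriptions should agree and the typo should go, e.g. `/* TrivialHostnameVerifier.java -- verifier that rejects every hostname.`. `verify` has no Javadoc of its own; I would add `/** Always returns false, so any connection that reaches this verifier is refused. */`. When the verifier is consulted is decided by the caller (presumably `HttpsURLConnection`, which is not part of this hunk), so the class comment's "mismatched hostnames" should be confirmed against that code or state the assumption.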
diff --git a/libjava/javax/net/ssl/TrustManager.java b/libjava/javax/net/ssl/TrustManager.java
new file mode 100644
index 00000000000..f90629ab40c
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManager.java
@@ -0,0 +1,47 @@
+/* TrustManager.java -- marker interface for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that establish the trust of remote
+ * hosts.
+ */
+public interface TrustManager
+{
+}
diff --git a/libjava/javax/net/ssl/TrustManagerFactory.java b/libjava/javax/net/ssl/TrustManagerFactory.java
new file mode 100644
index 00000000000..84059c89618
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManagerFactory.java
@@ -0,0 +1,279 @@
+/* TrustManagerFactory.java -- factory for trust managers.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+import gnu.java.security.Engine;
+
+/**
+ * A factory for creating trust manager objects.
+ */
+public class TrustManagerFactory
+{
+
+ // Constants and fields.
+ // -------------------------------------------------------------------------
+
+ /** The service name for trust manager factories. */
+ private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory";
+
+ /** The system default trust manager algorithm. */
+ private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+ /** The underlying engine class. */
+ private final TrustManagerFactorySpi tmfSpi;
+
+ /** The provider of the engine class. */
+ private final Provider provider;
+
+ /** The name of this trust manager algorithm. */
+ private final String algorithm;
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Creates a new trust manager factory.
+ *
+ * @param tmfSpi The underlying engine class.
+ * @param provider The provider of the engine class.
+ * @param algorithm The trust manager algorithm name.
+ */
+ protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi,
+ Provider provider, String algorithm)
+ {
+ this.tmfSpi = tmfSpi;
+ this.provider = provider;
+ this.algorithm = algorithm;
+ }
+
+ // Class methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the first provider that implements it.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If no provider implements the given
+ * algorithm.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm)
+ throws NoSuchAlgorithmException
+ {
+ Provider[] provs = Security.getProviders();
+ for (int i = 0; i < provs.length; i++)
+ {
+ try
+ {
+ return getInstance(algorithm, provs[i]);
+ }
+ catch (NoSuchAlgorithmException ignore)
+ {
+ }
+ }
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the named provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The name of the provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws NoSuchProviderException If there is no such named provider.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ String provider)
+ throws NoSuchAlgorithmException, NoSuchProviderException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ Provider p = Security.getProvider(provider);
+ if (p == null)
+ {
+ throw new NoSuchProviderException(provider);
+ }
+ return getInstance(algorithm, p);
+ }
+
+ /**
+ * Returns an instance of a trust manager factory for the given algorithm
+ * from the specified provider.
+ *
+ * @param algorithm The name of the algorithm to get.
+ * @param provider The provider to get the instance from.
+ * @return The instance of the trust manager factory.
+ * @throws NoSuchAlgorithmException If the provider does not implement the
+ * given algorithm.
+ * @throws IllegalArgumentException If the provider argument is null.
+ */
+ public static final TrustManagerFactory getInstance(String algorithm,
+ Provider provider)
+ throws NoSuchAlgorithmException
+ {
+ if (provider == null)
+ {
+ throw new IllegalArgumentException();
+ }
+ try
+ {
+ return new TrustManagerFactory((TrustManagerFactorySpi)
+ Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider),
+ provider, algorithm);
+ }
+ catch (InvocationTargetException ite)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ catch (ClassCastException cce)
+ {
+ throw new NoSuchAlgorithmException(algorithm);
+ }
+ }
+
+ /**
+ * Returns the default algorithm for trust manager factories. The value
+ * returned is either the value of the security property
+ * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509"
+ * if not.
+ *
+ * @return The default algorithm name.
+ * @see Security.getProperty(java.lang.String)
+ */
+ public static final String getDefaultAlgorithm()
+ {
+ String alg = null;
+ try
+ {
+ alg = (String) AccessController.doPrivileged(
+ new PrivilegedAction()
+ {
+ public Object run()
+ {
+ return Security.getProperty("ssl.TrustManagerFactory.algorithm");
+ }
+ }
+ );
+ }
+ catch (SecurityException se)
+ {
+ }
+ if (alg == null)
+ alg = DEFAULT_ALGORITHM;
+ return alg;
+ }
+
+ // Instance methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns the name of this trust manager algorithm.
+ *
+ * @return The algorithm name.
+ */
+ public final String getAlgorithm()
+ {
+ return algorithm;
+ }
+
+ /**
+ * Returns the provider of the underlying implementation.
+ *
+ * @return The provider.
+ */
+ public final Provider getProvider()
+ {
+ return provider;
+ }
+
+ /**
+ * Returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ public final TrustManager[] getTrustManagers()
+ {
+ return tmfSpi.engineGetTrustManagers();
+ }
+
+ /**
+ * Initialize this instance with some algorithm-specific parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the supplied parameters
+ * are inappropriate for this instance.
+ */
+ public final void init(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException
+ {
+ tmfSpi.engineInit(params);
+ }
+
+ /**
+ * Initialize this instance with a key store. The key store may be null,
+ * in which case a default will be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If there is a problem reading from the
+ * key store.
+ */
+ public final void init(KeyStore store) throws KeyStoreException
+ {
+ tmfSpi.engineInit(store);
+ }
+}
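Review bot: `getInstance(String, Provider)` throws a bare `NoSuchAlgorithmException(algorithm)` from both the `InvocationTargetException` and the `ClassCastException` handlers, so a provider whose engine class presumably failed while being constructed, or that registered a class which is not a `TrustManagerFactorySpi`, is reported as if the algorithm did not exist. Keeping the cause makes a broken or mis-registered trust provider diagnosable: `NoSuchAlgorithmException nsae = new NoSuchAlgorithmException(algorithm); nsae.initCause(ite.getCause()); throw nsae;`, and `initCause(cce)` in the other handler. The tag `@see Security.getProperty(java.lang.String)` on `getDefaultAlgorithm()` uses a dot where Javadoc needs `#`: `@see Security#getProperty(java.lang.String)`.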
diff --git a/libjava/javax/net/ssl/TrustManagerFactorySpi.java b/libjava/javax/net/ssl/TrustManagerFactorySpi.java
new file mode 100644
index 00000000000..389e02325c4
--- /dev/null
+++ b/libjava/javax/net/ssl/TrustManagerFactorySpi.java
@@ -0,0 +1,88 @@
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+ // Constructor.
+ // -------------------------------------------------------------------------
+
+ public TrustManagerFactorySpi()
+ {
+ super();
+ }
+
+ // Abstract methods.
+ // -------------------------------------------------------------------------
+
+ /**
+ * Engine method that returns the trust managers created by this factory.
+ *
+ * @return The trust managers.
+ */
+ protected abstract TrustManager[] engineGetTrustManagers();
+
+ /**
+ * Engine method that initializes this factory with some algorithm-specific
+ * parameters.
+ *
+ * @param params The parameters.
+ * @throws InvalidAlgorithmParameterException If the given parameters are
+ * inappropriate.
+ */
+ protected abstract void engineInit(ManagerFactoryParameters params)
+ throws InvalidAlgorithmParameterException;
+
+ /**
+ * Engine method that initializes this factory with a key store. The key
+ * store parameter may be null, in which case some default should be used.
+ *
+ * @param store The key store.
+ * @throws KeyStoreException If a problem occurs reading from the key store.
+ */
+ protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
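Review bot: The contract of `engineInit(KeyStore)` for a null store is only "some default should be used", and that is the path `SSLSocketFactory.getDefault()` takes with `tmf.init((KeyStore) null)`, so the trust anchors of every default socket depend on an unspecified choice. The Javadoc should say what a provider is expected to fall back to and how it signals that no default store is available, for example `<p>If store is null the provider loads its default set of trusted certificates, and throws KeyStoreException if it has none.</p>`, if that is the intended behaviour. The class comment says "SPI for trust managers" where "trust manager factories" is meant.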
diff --git a/libjava/javax/net/ssl/X509KeyManager.java b/libjava/javax/net/ssl/X509KeyManager.java
new file mode 100644
index 00000000000..d5c00b62c97
--- /dev/null
+++ b/libjava/javax/net/ssl/X509KeyManager.java
@@ -0,0 +1,108 @@
+/* X509KeyManager.java -- X.509 key manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+ /**
+ * Choose an alias for client-side authentication.
+ *
+ * @param keyTypes A list of acceptable key types.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Choose an alias for server-side authentication.
+ *
+ * @param keyType The desired certificate type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @param socket The connecting socket.
+ * @return The chosen alias.
+ */
+ String chooseServerAlias(String keyType, Principal[] issuers,
+ Socket socket);
+
+ /**
+ * Gets the X.509 certificate chain associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The certificate chain.
+ */
+ X509Certificate[] getCertificateChain(String alias);
+
+ /**
+ * Returns all client aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getClientAliases(String keyType, Principal[] issuers);
+
+ /**
+ * Gets the private key associated with the given alias.
+ *
+ * @param alias The alias.
+ * @return The private key.
+ */
+ PrivateKey getPrivateKey(String alias);
+
+ /**
+ * Returns all server aliases that support the given key type.
+ *
+ * @param keyType The desired key type.
+ * @param issuers A list of acceptable certificate issuers.
+ * @return The (possibly empty) list of aliases.
+ */
+ String[] getServerAliases(String keyType, Principal[] issuers);
+}
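Review bot: None of the `@return` tags say what a caller gets when nothing matches: `chooseClientAlias` and `chooseServerAlias` document only "The chosen alias", and `getCertificateChain` and `getPrivateKey` do not say what happens for an unknown alias. Callers that dereference the result need to know whether null is possible, so I would spell it out, e.g. `@return The chosen alias, or <code>null</code> if no alias matches.` and `@return The private key, or <code>null</code> if the alias is unknown.`, assuming the contract follows the reference JSSE API. The same applies to the `issuers` parameter, which should state whether null means "any issuer".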
diff --git a/libjava/javax/net/ssl/X509TrustManager.java b/libjava/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 00000000000..b63e0a830b6
--- /dev/null
+++ b/libjava/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,76 @@
+/* X509TrustManager.java -- X.509 trust manager interface.
+ Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+ /**
+ * Checks if a certificate chain sent by the client is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the client's certificates are not trusted.
+ */
+ void checkClientTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Checks if a certificate chain sent by the server is trusted.
+ *
+ * @param chain The certificate chain to check.
+ * @param authType The authentication type.
+ * @throws CertificateException If the server's certificates are not trusted.
+ */
+ void checkServerTrusted(X509Certificate[] chain, String authType)
+ throws CertificateException;
+
+ /**
+ * Returns the list of trusted issuer certificates currently in use.
+ *
+ * @return The list of trusted issuer certificates.
+ */
+ X509Certificate[] getAcceptedIssuers();
+}
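Review bot: The Javadoc of `checkClientTrusted` and `checkServerTrusted` does not state that returning normally is the acceptance signal. Both methods are `void`, so an implementation with an empty body accepts every chain, and that should be written down for implementers: `<p>Returning without throwing means the chain is trusted; an implementation must throw CertificateException to reject it.</p>`. The comments also leave open how a null or empty `chain` or a null `authType` is handled; I would document the expected exception (the reference JSSE API uses `IllegalArgumentException`, to be confirmed for this implementation). `getAcceptedIssuers` should say whether the returned array may be empty or null.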