Diffstat (limited to 'x-net/src/main/java/javax/net')
44 files changed, 0 insertions, 4985 deletions
diff --git a/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java b/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java
deleted file mode 100644
index 9e31be4..0000000
--- a/x-net/src/main/java/javax/net/DefaultServerSocketFactory.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-
-/**
- * Default implementation of {@link javax.net.ServerSocketFactory}
- */
-final class DefaultServerSocketFactory extends ServerSocketFactory {
-
- DefaultServerSocketFactory() {
- super();
- }
-
- @Override
- public ServerSocket createServerSocket(int port) throws IOException {
- return new ServerSocket(port);
- }
-
- @Override
- public ServerSocket createServerSocket(int port, int backlog) throws IOException {
- return new ServerSocket(port, backlog);
- }
-
- @Override
- public ServerSocket createServerSocket(int port, int backlog, InetAddress iAddress)
- throws IOException {
- return new ServerSocket(port, backlog, iAddress);
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/DefaultSocketFactory.java b/x-net/src/main/java/javax/net/DefaultSocketFactory.java
deleted file mode 100644
index 010c720..0000000
--- a/x-net/src/main/java/javax/net/DefaultSocketFactory.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-/**
- * Default implementation of {@link javax.net.SocketFactory}
- */
-final class DefaultSocketFactory extends SocketFactory {
-
- DefaultSocketFactory() {
- super();
- }
-
- @Override
- public Socket createSocket() throws IOException {
- return new Socket();
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
- return new Socket(host, port);
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
- throws IOException, UnknownHostException {
- return new Socket(host, port, localHost, localPort);
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- return new Socket(host, port);
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
- int localPort) throws IOException {
- return new Socket(address, port, localAddress, localPort);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ServerSocketFactory.java b/x-net/src/main/java/javax/net/ServerSocketFactory.java
deleted file mode 100644
index f2d2c0d..0000000
--- a/x-net/src/main/java/javax/net/ServerSocketFactory.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.SocketException;
-
-/**
- * This abstract class defines methods to create server sockets. It can be
- * subclassed to create specific server socket types.
- */
-public abstract class ServerSocketFactory {
- private static ServerSocketFactory defaultFactory;
-
- /**
- * Gets the default server socket factory of the system which can be used to
- * create new server sockets without creating a subclass of this factory.
- *
- * @return the system default server socket factory.
- */
- public static synchronized ServerSocketFactory getDefault() {
- if (defaultFactory == null) {
- defaultFactory = new DefaultServerSocketFactory();
- }
- return defaultFactory;
- }
-
- /**
- * Creates a new {@code ServerSocketFactory} instance.
- */
- protected ServerSocketFactory() {
- super();
- }
-
- /**
- * Creates a new server socket which is not bound to any local address. This
- * method has to be overridden by a subclass otherwise a {@code
- * SocketException} is thrown.
- *
- * @return the created unbound server socket.
- * @throws IOException
- * if an error occurs while creating a new server socket.
- */
- public ServerSocket createServerSocket() throws IOException {
- // follow RI's behavior
- throw new SocketException("Unbound server sockets not implemented");
- }
-
- /**
- * Creates a new server socket which is bound to the given port.
- *
- * @param port
- * the port on which the created socket has to listen.
- * @return the created bound server socket.
- * @throws IOException
- * if an error occurs while creating a new server socket.
- */
- public abstract ServerSocket createServerSocket(int port) throws IOException;
-
- /**
- * Creates a new server socket which is bound to the given port and
- * configures its maximum of queued connections.
- *
- * @param port
- * the port on which the created socket has to listen.
- * @param backlog
- * the maximum of queued connections.
- * @return the created bound server socket.
- * @throws IOException
- * if an error occurs while creating a new server socket.
- */
- public abstract ServerSocket createServerSocket(int port, int backlog) throws IOException;
-
- /**
- * Creates a new server socket which is bound to the given address on the
- * specified port and configures its maximum of queued connections.
- *
- * @param port
- * the port on which the created socket has to listen.
- * @param backlog
- * the maximum of queued connections.
- * @param iAddress
- * the address of the network interface which is used by the
- * created socket.
- * @return the created bound server socket.
- * @throws IOException
- * if an error occurs while creating a new server socket.
- */
- public abstract ServerSocket createServerSocket(int port, int backlog, InetAddress iAddress)
- throws IOException;
-
-}
diff --git a/x-net/src/main/java/javax/net/SocketFactory.java b/x-net/src/main/java/javax/net/SocketFactory.java
deleted file mode 100644
index eb0cfcb..0000000
--- a/x-net/src/main/java/javax/net/SocketFactory.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.UnknownHostException;
-
-/**
- * This abstract class defines methods to create sockets. It can be subclassed
- * to create specific socket types with additional socket-level functionality.
- */
-public abstract class SocketFactory {
-
- private static SocketFactory defaultFactory;
-
- /**
- * Gets the default socket factory of the system which can be used to create
- * new sockets without creating a subclass of this factory.
- *
- * @return the system default socket factory.
- */
- public static synchronized SocketFactory getDefault() {
- if (defaultFactory == null) {
- defaultFactory = new DefaultSocketFactory();
- }
- return defaultFactory;
- }
-
- /**
- * Creates a new {@code SocketFactory} instance.
- */
- protected SocketFactory() {
- super();
- }
-
- /**
- * Creates a new socket which is not connected to any remote host. This
- * method has to be overridden by a subclass otherwise a {@code
- * SocketException} is thrown.
- *
- * @return the created unconnected socket.
- * @throws IOException
- * if an error occurs while creating a new socket.
- */
- public Socket createSocket() throws IOException {
- // follow RI's behavior
- throw new SocketException("Unconnected sockets not implemented");
- }
-
- /**
- * Creates a new socket which is connected to the remote host specified by
- * the parameters {@code host} and {@code port}. The socket is bound to any
- * available local address and port.
- *
- * @param host
- * the remote host address the socket has to be connected to.
- * @param port
- * the port number of the remote host at which the socket is
- * connected.
- * @return the created connected socket.
- * @throws IOException
- * if an error occurs while creating a new socket.
- * @throws UnknownHostException
- * if the specified host is unknown or the IP address could not
- * be resolved.
- */
- public abstract Socket createSocket(String host, int port) throws IOException,
- UnknownHostException;
-
- /**
- * Creates a new socket which is connected to the remote host specified by
- * the parameters {@code host} and {@code port}. The socket is bound to the
- * local network interface specified by the InetAddress {@code localHost} on
- * port {@code localPort}.
- *
- * @param host
- * the remote host address the socket has to be connected to.
- * @param port
- * the port number of the remote host at which the socket is
- * connected.
- * @param localHost
- * the local host address the socket is bound to.
- * @param localPort
- * the port number of the local host at which the socket is
- * bound.
- * @return the created connected socket.
- * @throws IOException
- * if an error occurs while creating a new socket.
- * @throws UnknownHostException
- * if the specified host is unknown or the IP address could not
- * be resolved.
- */
- public abstract Socket createSocket(String host, int port, InetAddress localHost, int localPort)
- throws IOException, UnknownHostException;
-
- /**
- * Creates a new socket which is connected to the remote host specified by
- * the InetAddress {@code host}. The socket is bound to any available local
- * address and port.
- *
- * @param host
- * the host address the socket has to be connected to.
- * @param port
- * the port number of the remote host at which the socket is
- * connected.
- * @return the created connected socket.
- * @throws IOException
- * if an error occurs while creating a new socket.
- */
- public abstract Socket createSocket(InetAddress host, int port) throws IOException;
-
-
- /**
- * Creates a new socket which is connected to the remote host specified by
- * the InetAddress {@code address}. The socket is bound to the local network
- * interface specified by the InetAddress {@code localHost} on port {@code
- * localPort}.
- *
- * @param address
- * the remote host address the socket has to be connected to.
- * @param port
- * the port number of the remote host at which the socket is
- * connected.
- * @param localAddress
- * the local host address the socket is bound to.
- * @param localPort
- * the port number of the local host at which the socket is
- * bound.
- * @return the created connected socket.
- * @throws IOException
- * if an error occurs while creating a new socket.
- */
- public abstract Socket createSocket(InetAddress address, int port, InetAddress localAddress,
- int localPort) throws IOException;
-}
diff --git a/x-net/src/main/java/javax/net/package.html b/x-net/src/main/java/javax/net/package.html
deleted file mode 100644
index 5674d06..0000000
--- a/x-net/src/main/java/javax/net/package.html
+++ /dev/null
@@ -1,7 +0,0 @@
-<html>
- <body>
- <p>
- This package provides factory classes to create sockets and server-sockets. This classes can be subclassed to create factories for other kinds of socket for example the SSL-capable sockets from the package javax.net.ssl.
- </p>
- </body>
-</html>
diff --git a/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java b/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java
deleted file mode 100644
index dcf7a4d..0000000
--- a/x-net/src/main/java/javax/net/ssl/CertPathTrustManagerParameters.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.cert.CertPathParameters;
-
-/**
- * Certification path parameters to provide to certification path
- * based {@link TrustManager}.
- *
- * @since 1.5
- */
-public class CertPathTrustManagerParameters implements ManagerFactoryParameters {
-
- private final CertPathParameters param;
-
- /**
- * Creates a new {@code CertPathTrustManagerParameters} with the specified
- * certification path parameters.
- *
- * @param parameters
- * the certification path parameters.
- */
- public CertPathTrustManagerParameters(CertPathParameters parameters) {
- param = (CertPathParameters) parameters.clone();
- }
-
- /**
- * Returns a copy of the certification path parameters.
- *
- * @return a copy of the certification path parameters.
- */
- public CertPathParameters getParameters() {
- return (CertPathParameters) param.clone();
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java b/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
deleted file mode 100644
index 779c46a..0000000
--- a/x-net/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
+++ /dev/null
@@ -1,329 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// BEGIN android-added -// Copied and condensed code taken from the Apache HttpClient. Also slightly -// modified, so it matches the package/class structure of the core libraries. -// This HostnameVerifier does checking similar to what the RI and popular -// browsers do. -// END android-added - -package javax.net.ssl; - -import org.apache.harmony.luni.util.Inet6Util; - -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.Certificate; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collection; -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; -import java.util.Locale; -import java.util.StringTokenizer; -import java.util.logging.Level; -import java.util.logging.Logger; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSession; -import javax.net.ssl.SSLSocket; - -/** - * A HostnameVerifier that works the same way as Curl and Firefox. - * <p/> - * The hostname must match either the first CN, or any of the subject-alts. 
- * A wildcard can occur in the CN, and in any of the subject-alts. - * <p/> - * The only difference between BROWSER_COMPATIBLE and STRICT is that a wildcard - * (such as "*.foo.com") with BROWSER_COMPATIBLE matches all subdomains, - * including "a.b.foo.com". - * - * @author Julius Davies - */ -class DefaultHostnameVerifier implements HostnameVerifier { - - /** - * This contains a list of 2nd-level domains that aren't allowed to - * have wildcards when combined with country-codes. - * For example: [*.co.uk]. - * <p/> - * The [*.co.uk] problem is an interesting one. Should we just hope - * that CA's would never foolishly allow such a certificate to happen? - * Looks like we're the only implementation guarding against this. - * Firefox, Curl, Sun Java 1.4, 5, 6 don't bother with this check. - */ - private final static String[] BAD_COUNTRY_2LDS = - { "ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info", - "lg", "ne", "net", "or", "org" }; - - static { - // Just in case developer forgot to manually sort the array. 
:-) - Arrays.sort(BAD_COUNTRY_2LDS); - } - - public DefaultHostnameVerifier() { - super(); - } - - public final void verify(String host, SSLSocket ssl) - throws IOException { - if(host == null) { - throw new NullPointerException("host to verify is null"); - } - - SSLSession session = ssl.getSession(); - Certificate[] certs = session.getPeerCertificates(); - X509Certificate x509 = (X509Certificate) certs[0]; - verify(host, x509); - } - - public final boolean verify(String host, SSLSession session) { - try { - Certificate[] certs = session.getPeerCertificates(); - X509Certificate x509 = (X509Certificate) certs[0]; - verify(host, x509); - return true; - } - catch(SSLException e) { - return false; - } - } - - public final void verify(String host, X509Certificate cert) - throws SSLException { - String[] cns = getCNs(cert); - String[] subjectAlts = getDNSSubjectAlts(cert); - verify(host, cns, subjectAlts); - } - - public final void verify(final String host, final String[] cns, - final String[] subjectAlts, - final boolean strictWithSubDomains) - throws SSLException { - - // Build the list of names we're going to check. Our DEFAULT and - // STRICT implementations of the HostnameVerifier only use the - // first CN provided. All other CNs are ignored. - // (Firefox, wget, curl, Sun Java 1.4, 5, 6 all work this way). - LinkedList<String> names = new LinkedList<String>(); - if(cns != null && cns.length > 0 && cns[0] != null) { - names.add(cns[0]); - } - if(subjectAlts != null) { - for (String subjectAlt : subjectAlts) { - if (subjectAlt != null) { - names.add(subjectAlt); - } - } - } - - if(names.isEmpty()) { - String msg = "Certificate for <" + host + - "> doesn't contain CN or DNS subjectAlt"; - throw new SSLException(msg); - } - - // StringBuffer for building the error message. - StringBuffer buf = new StringBuffer(); - - // We're can be case-insensitive when comparing the host we used to - // establish the socket to the hostname in the certificate. 
- String hostName = host.trim().toLowerCase(Locale.ENGLISH); - boolean match = false; - for(Iterator<String> it = names.iterator(); it.hasNext();) { - // Don't trim the CN, though! - String cn = it.next(); - cn = cn.toLowerCase(Locale.ENGLISH); - // Store CN in StringBuffer in case we need to report an error. - buf.append(" <"); - buf.append(cn); - buf.append('>'); - if(it.hasNext()) { - buf.append(" OR"); - } - - // The CN better have at least two dots if it wants wildcard - // action. It also can't be [*.co.uk] or [*.co.jp] or - // [*.org.uk], etc... - boolean doWildcard = cn.startsWith("*.") && - cn.lastIndexOf('.') >= 0 && - acceptableCountryWildcard(cn) && - !Inet6Util.isValidIPV4Address(host); - - if(doWildcard) { - match = hostName.endsWith(cn.substring(1)); - if(match && strictWithSubDomains) { - // If we're in strict mode, then [*.foo.com] is not - // allowed to match [a.b.foo.com] - match = countDots(hostName) == countDots(cn); - } - } else { - match = hostName.equals(cn); - } - if(match) { - break; - } - } - if(!match) { - throw new SSLException("hostname in certificate didn't match: <" + - host + "> !=" + buf); - } - } - - public static boolean acceptableCountryWildcard(String cn) { - int cnLen = cn.length(); - if(cnLen >= 7 && cnLen <= 9) { - // Look for the '.' in the 3rd-last position: - if(cn.charAt(cnLen - 3) == '.') { - // Trim off the [*.] and the [.XX]. - String s = cn.substring(2, cnLen - 3); - // And test against the sorted array of bad 2lds: - int x = Arrays.binarySearch(BAD_COUNTRY_2LDS, s); - return x < 0; - } - } - return true; - } - - public static String[] getCNs(X509Certificate cert) { - LinkedList<String> cnList = new LinkedList<String>(); - /* - Sebastian Hauer's original StrictSSLProtocolSocketFactory used - getName() and had the following comment: - - Parses a X.500 distinguished name for the value of the - "Common Name" field. 
This is done a bit sloppy right - now and should probably be done a bit more according to - <code>RFC 2253</code>. - - I've noticed that toString() seems to do a better job than - getName() on these X500Principal objects, so I'm hoping that - addresses Sebastian's concern. - - For example, getName() gives me this: - 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d - - whereas toString() gives me this: - EMAILADDRESS=juliusdavies@cucbc.com - - Looks like toString() even works with non-ascii domain names! - I tested it with "花子.co.jp" and it worked fine. - */ - String subjectPrincipal = cert.getSubjectX500Principal().toString(); - StringTokenizer st = new StringTokenizer(subjectPrincipal, ","); - while(st.hasMoreTokens()) { - String tok = st.nextToken(); - int x = tok.indexOf("CN="); - if(x >= 0) { - cnList.add(tok.substring(x + 3)); - } - } - if(!cnList.isEmpty()) { - String[] cns = new String[cnList.size()]; - cnList.toArray(cns); - return cns; - } else { - return null; - } - } - - - /** - * Extracts the array of SubjectAlt DNS names from an X509Certificate. - * Returns null if there aren't any. - * <p/> - * Note: Java doesn't appear able to extract international characters - * from the SubjectAlts. It can only extract international characters - * from the CN field. - * <p/> - * (Or maybe the version of OpenSSL I'm using to test isn't storing the - * international characters correctly in the SubjectAlts?). - * - * @param cert X509Certificate - * @return Array of SubjectALT DNS names stored in the certificate. 
- */ - public static String[] getDNSSubjectAlts(X509Certificate cert) { - LinkedList<String> subjectAltList = new LinkedList<String>(); - Collection<List<?>> c = null; - try { - c = cert.getSubjectAlternativeNames(); - } - catch(CertificateParsingException cpe) { - Logger.getLogger(DefaultHostnameVerifier.class.getName()) - .log(Level.FINE, "Error parsing certificate.", cpe); - } - if(c != null) { - for (List<?> aC : c) { - List<?> list = aC; - int type = ((Integer) list.get(0)).intValue(); - // If type is 2, then we've got a dNSName - if (type == 2) { - String s = (String) list.get(1); - subjectAltList.add(s); - } - } - } - if(!subjectAltList.isEmpty()) { - String[] subjectAlts = new String[subjectAltList.size()]; - subjectAltList.toArray(subjectAlts); - return subjectAlts; - } else { - return null; - } - } - - /** - * Counts the number of dots "." in a string. - * @param s string to count dots from - * @return number of dots - */ - public static int countDots(final String s) { - int count = 0; - for(int i = 0; i < s.length(); i++) { - if(s.charAt(i) == '.') { - count++; - } - } - return count; - } - - /** - * Checks to see if the supplied hostname matches any of the supplied CNs - * or "DNS" Subject-Alts. Most implementations only look at the first CN, - * and ignore any additional CNs. Most implementations do look at all of - * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards - * according to RFC 2818. - * - * @param cns CN fields, in order, as extracted from the X.509 - * certificate. - * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted - * from the X.509 certificate. - * @param host The hostname to verify. - * @throws SSLException If verification failed. - */ - public final void verify( - final String host, - final String[] cns, - final String[] subjectAlts) throws SSLException { - verify(host, cns, subjectAlts, false); - } - -} 
diff --git a/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java b/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java
deleted file mode 100644
index a12d385..0000000
--- a/x-net/src/main/java/javax/net/ssl/DefaultSSLContext.java
+++ /dev/null
@@ -1,124 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package javax.net.ssl; - -import java.io.FileInputStream; -import java.security.AccessController; -import java.security.KeyStore; -import java.security.PrivilegedAction; -import java.security.Provider; -import java.security.Security; - -import org.apache.harmony.security.fortress.Engine; -import org.apache.harmony.security.fortress.Services; - -/** - * Support class for this package. 
- */ -final class DefaultSSLContext { - private static SSLContext defaultSSLContext; - - static synchronized SSLContext getContext() { - if (defaultSSLContext == null) { - defaultSSLContext = AccessController - .doPrivileged(new PrivilegedAction<SSLContext>() { - public SSLContext run() { - return findDefault(); - } - }); - } - return defaultSSLContext; - } - - private static SSLContext findDefault() { - // FIXME EXPORT CONTROL - for (Provider provider : Services.getProvidersList()) { - final Provider.Service service = Engine.door.getService(provider, "SSLContext"); - if (service != null) { - try { - SSLContext con = new SSLContext((SSLContextSpi) service.newInstance(null), - service.getProvider(), service.getAlgorithm()); - - /* - * TODO - * javax.net.ssl.keyStoreProvider, - * javax.net.ssl.trustStoreProvider system property - */ - - // find KeyStore, KeyManagers - KeyManager[] keyManagers = null; - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - String keystore = System.getProperty("javax.net.ssl.keyStore"); - String keystorepwd = System.getProperty("javax.net.ssl.keyStorePassword"); - char[] pwd = null; - if (keystorepwd != null) { - pwd = keystorepwd.toCharArray(); - } - if (keystore != null) { - FileInputStream fis = new FileInputStream(keystore); - try { - ks.load(fis, pwd); - } finally { - fis.close(); - } - KeyManagerFactory kmf; - String kmfAlg = Security.getProperty("ssl.KeyManagerFactory.algorithm"); - if (kmfAlg == null) { - kmfAlg = "SunX509"; - } - kmf = KeyManagerFactory.getInstance(kmfAlg); - kmf.init(ks, pwd); - keyManagers = kmf.getKeyManagers(); - } - - // find TrustStore, TrustManagers - TrustManager[] trustManagers = null; - keystore = System.getProperty("javax.net.ssl.trustStore"); - keystorepwd = System.getProperty("javax.net.ssl.trustStorePassword"); - pwd = null; - if (keystorepwd != null) { - pwd = keystorepwd.toCharArray(); - } - // TODO Defaults: jssecacerts; cacerts - if (keystore != null) { - FileInputStream fis = new 
FileInputStream(keystore); - try { - ks.load(fis, pwd); - } finally { - fis.close(); - } - TrustManagerFactory tmf; - String tmfAlg = Security.getProperty("ssl.TrustManagerFactory.algorithm"); - if (tmfAlg == null) { - tmfAlg = "PKIX"; - } - tmf = TrustManagerFactory.getInstance(tmfAlg); - tmf.init(ks); - trustManagers = tmf.getTrustManagers(); - } - - con.init(keyManagers, trustManagers, null); - return con; - } catch (Exception e) { - // ignore and try another - } - } - } - return null; - } -} diff --git a/x-net/src/main/java/javax/net/ssl/DefaultSSLServerSocketFactory.java b/x-net/src/main/java/javax/net/ssl/DefaultSSLServerSocketFactory.java deleted file mode 100644 index 3e58897..0000000 --- a/x-net/src/main/java/javax/net/ssl/DefaultSSLServerSocketFactory.java +++ /dev/null 
@@ -1,62 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-import java.net.SocketException;
-
-/**
- * Default inoperative implementation of javax.net.ssl.SSLServerSocketFactory
- */
-class DefaultSSLServerSocketFactory extends SSLServerSocketFactory {
-
- private final String errMessage;
-
- DefaultSSLServerSocketFactory(String mes) {
- errMessage = mes;
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return new String[0];
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return new String[0];
- }
-
- @Override
- public ServerSocket createServerSocket(int port) throws IOException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public ServerSocket createServerSocket(int port, int backlog) throws IOException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public ServerSocket createServerSocket(int port, int backlog, InetAddress iAddress)
- throws IOException {
- throw new SocketException(errMessage);
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java b/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java
deleted file mode 100644
index 4035a0e..0000000
--- a/x-net/src/main/java/javax/net/ssl/DefaultSSLSocketFactory.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.SocketException;
-import java.net.UnknownHostException;
-
-/**
- * Default inoperative implementation of javax.net.ssl.SSLSocketFactory
- *
- */
-class DefaultSSLSocketFactory extends SSLSocketFactory {
-
- private final String errMessage;
-
- DefaultSSLSocketFactory(String mes) {
- errMessage = mes;
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return new String[0];
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return new String[0];
- }
-
- @Override
- public Socket createSocket(Socket s, String host, int port, boolean autoClose)
- throws IOException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
- throws IOException, UnknownHostException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public Socket createSocket(InetAddress host, int port) throws IOException {
- throw new SocketException(errMessage);
- }
-
- @Override
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
- int localPort) throws IOException {
- throw new SocketException(errMessage);
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java b/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
deleted file mode 100644
index 4618280..0000000
--- a/x-net/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.Serializable;
-import java.security.Principal;
-import java.security.cert.Certificate;
-import javax.security.cert.X509Certificate;
-import java.util.EventObject;
-
-/**
- * The event object encapsulating the information about a completed SSL
- * handshake on a SSL connection.
- */
-public class HandshakeCompletedEvent extends EventObject implements Serializable {
-
- /**
- * The 5.0 spec. doesn't declare this serialVersionUID field In order to be
- * compatible it is explicitly declared here
- */
- private static final long serialVersionUID = 7914963744257769778L;
-
- private transient SSLSession session;
-
- /**
- * Creates a new {@code HandshakeCompletedEvent} with the specified SSL
- * socket and SSL session.
- *
- * @param sock
- * the SSL socket.
- * @param s
- * the SSL session.
- */
- public HandshakeCompletedEvent(SSLSocket sock, SSLSession s) {
- super(sock);
- session = s;
- }
-
- /**
- * Returns the SSL session associated with this event.
- *
- * @return the SSL session associated with this event.
- */
- public SSLSession getSession() {
- return session;
- }
-
- /**
- * Returns the name of the cipher suite negotiated during this handshake.
- *
- * @return the name of the cipher suite negotiated during this handshake.
- */
- public String getCipherSuite() {
- return session.getCipherSuite();
- }
-
- /**
- * Returns the list of local certificates used during the handshake. These
- * certificates were sent to the peer.
- *
- * @return Returns the list of certificates used during the handshake with
- * the local identity certificate followed by CAs, or {@code null}
- * if no certificates were used during the handshake.
- */
- public Certificate[] getLocalCertificates() {
- return session.getLocalCertificates();
- }
-
- /**
- * Return the list of certificates identifying the peer during the
- * handshake.
- *
- * @return the list of certificates identifying the peer with the peer's
- * identity certificate followed by CAs.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified.
- */
- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
- return session.getPeerCertificates();
- }
-
- /**
- * Returns the list of certificates identifying the peer. The peer's
- * identity certificate is followed by the validated certificate authority
- * certificates.
- * <p>
- * <b>Replaced by:</b> {@link #getPeerCertificates()}
- *
- * @return the list of certificates identifying the peer
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified.
- */
- public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
- return session.getPeerCertificateChain();
- }
-
- /**
- * Returns the {@code Principal} identifying the peer.
- *
- * @return the {@code Principal} identifying the peer.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified.
- */
- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
- return session.getPeerPrincipal();
- }
-
- /**
- * Returns the {@code Principal} used to identify during the handshake.
- *
- * @return the {@code Principal} used to identify during the handshake.
- */
- public Principal getLocalPrincipal() {
- return session.getLocalPrincipal();
- }
-
- /**
- * Returns the SSL socket that produced this event.
- *
- * @return the SSL socket that produced this event.
- */
- public SSLSocket getSocket() {
- return (SSLSocket) this.source;
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java b/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java
deleted file mode 100644
index 5032c63..0000000
--- a/x-net/src/main/java/javax/net/ssl/HandshakeCompletedListener.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.util.EventListener;
-
-/**
- * The listener to be implemented to receive event notifications on completion
- * of SSL handshake on an SSL connection.
- */
-public interface HandshakeCompletedListener extends EventListener {
- /**
- * The callback method that is invoked when a SSL handshake is completed.
- *
- * @param event
- * the information on the completed SSL handshake event.
- */
- void handshakeCompleted(HandshakeCompletedEvent event);
-}
diff --git a/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java b/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java
deleted file mode 100644
index 805762e..0000000
--- a/x-net/src/main/java/javax/net/ssl/HostnameVerifier.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The interface to be used to provide hostname verification functionality.
- * <p>
- * This is an extended verification option that implementers can provide. It is to be used
- * during a handshake if the URL's hostname does not match the peer's
- * identification hostname.
- */
-public interface HostnameVerifier {
- /**
- * Verifies that the specified hostname is allowed within the specified SSL
- * session.
- *
- * @param hostname
- * the hostname.
- * @param session
- * the SSL session of the connection.
- * @return {@code true} if the specified hostname is allowed, otherwise
- * {@code false}.
- */
- boolean verify(String hostname, SSLSession session);
-}
diff --git a/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java b/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java
deleted file mode 100644
index 8c49690..0000000
--- a/x-net/src/main/java/javax/net/ssl/HttpsURLConnection.java
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.security.Principal;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
-
-/**
- * This abstract subclass of {@code HttpURLConnection} defines methods for
- * managing HTTPS connections according to the description given by RFC 2818.
- */
-public abstract class HttpsURLConnection extends HttpURLConnection {
-
- private static HostnameVerifier defaultHostnameVerifier = new DefaultHostnameVerifier();
-
- private static SSLSocketFactory defaultSSLSocketFactory = (SSLSocketFactory) SSLSocketFactory
- .getDefault();
-
- /**
- * Sets the default hostname verifier to be used by new instances.
- *
- * @param v
- * the new default hostname verifier
- * @throws IllegalArgumentException
- * if the specified verifier is {@code null}.
- */
- public static void setDefaultHostnameVerifier(HostnameVerifier v) {
- if (v == null) {
- throw new IllegalArgumentException("HostnameVerifier is null");
- }
- defaultHostnameVerifier = v;
- }
-
- /**
- * Returns the default hostname verifier.
- *
- * @return the default hostname verifier.
- */
- public static HostnameVerifier getDefaultHostnameVerifier() {
- return defaultHostnameVerifier;
- }
-
- /**
- * Sets the default SSL socket factory to be used by new instances.
- *
- * @param sf
- * the new default SSL socket factory.
- * @throws IllegalArgumentException
- * if the specified socket factory is {@code null}.
- */
- public static void setDefaultSSLSocketFactory(SSLSocketFactory sf) {
- if (sf == null) {
- throw new IllegalArgumentException("SSLSocketFactory is null");
- }
- defaultSSLSocketFactory = sf;
- }
-
- /**
- * Returns the default SSL socket factory for new instances.
- *
- * @return the default SSL socket factory for new instances.
- */
- public static SSLSocketFactory getDefaultSSLSocketFactory() {
- return defaultSSLSocketFactory;
- }
-
- /**
- * The host name verifier used by this connection. It is initialized from
- * the default hostname verifier
- * {@link #setDefaultHostnameVerifier(HostnameVerifier)} or
- * {@link #getDefaultHostnameVerifier()}.
- */
- protected HostnameVerifier hostnameVerifier;
-
- private SSLSocketFactory sslSocketFactory;
-
- /**
- * Creates a new {@code HttpsURLConnection} with the specified {@code URL}.
- *
- * @param url
- * the {@code URL} to connect to.
- */
- protected HttpsURLConnection(URL url) {
- super(url);
- hostnameVerifier = defaultHostnameVerifier;
- sslSocketFactory = defaultSSLSocketFactory;
- }
-
- /**
- * Returns the name of the cipher suite negotiated during the SSL handshake.
- *
- * @return the name of the cipher suite negotiated during the SSL handshake.
- * @throws IllegalStateException
- * if no connection has been established yet.
- */
- public abstract String getCipherSuite();
-
- /**
- * Returns the list of local certificates used during the handshake. These
- * certificates were sent to the peer.
- *
- * @return Returns the list of certificates used during the handshake with
- * the local identity certificate followed by CAs, or {@code null}
- * if no certificates were used during the handshake.
- * @throws IllegalStateException
- * if no connection has been established yet.
- */
- public abstract Certificate[] getLocalCertificates();
-
- /**
- * Return the list of certificates identifying the peer during the
- * handshake.
- *
- * @return the list of certificates identifying the peer with the peer's
- * identity certificate followed by CAs.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified..
- * @throws IllegalStateException
- * if no connection has been established yet.
- */
- public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
-
- /**
- * Returns the {@code Principal} identifying the peer.
- *
- * @return the {@code Principal} identifying the peer.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified.
- * @throws IllegalStateException
- * if no connection has been established yet.
- */
- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
- Certificate[] certs = getServerCertificates();
- if (certs == null || certs.length == 0 || (!(certs[0] instanceof X509Certificate))) {
- throw new SSLPeerUnverifiedException("No server's end-entity certificate");
- }
- return ((X509Certificate) certs[0]).getSubjectX500Principal();
- }
-
- /**
- * Returns the {@code Principal} used to identify the local host during the handshake.
- *
- * @return the {@code Principal} used to identify the local host during the handshake, or
- * {@code null} if none was used.
- * @throws IllegalStateException
- * if no connection has been established yet.
- */
- public Principal getLocalPrincipal() {
- Certificate[] certs = getLocalCertificates();
- if (certs == null || certs.length == 0 || (!(certs[0] instanceof X509Certificate))) {
- return null;
- }
- return ((X509Certificate) certs[0]).getSubjectX500Principal();
- }
-
- /**
- * Sets the hostname verifier for this instance.
- *
- * @param v
- * the hostname verifier for this instance.
- * @throws IllegalArgumentException
- * if the specified verifier is {@code null}.
- */
- public void setHostnameVerifier(HostnameVerifier v) {
- if (v == null) {
- throw new IllegalArgumentException("HostnameVerifier is null");
- }
- hostnameVerifier = v;
- }
-
- /**
- * Returns the hostname verifier used by this instance.
- *
- * @return the hostname verifier used by this instance.
- */
- public HostnameVerifier getHostnameVerifier() {
- return hostnameVerifier;
- }
-
- /**
- * Sets the SSL socket factory for this instance.
- *
- * @param sf
- * the SSL socket factory to be used by this instance.
- * @throws IllegalArgumentException
- * if the specified socket factory is {@code null}.
- */
- public void setSSLSocketFactory(SSLSocketFactory sf) {
- if (sf == null) {
- throw new IllegalArgumentException("SSLSocketFactory is null");
- }
- sslSocketFactory = sf;
- }
-
- /**
- * Returns the SSL socket factory used by this instance.
- *
- * @return the SSL socket factory used by this instance.
- */
- public SSLSocketFactory getSSLSocketFactory() {
- return sslSocketFactory;
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/KeyManager.java b/x-net/src/main/java/javax/net/ssl/KeyManager.java
deleted file mode 100644
index 30c8032..0000000
--- a/x-net/src/main/java/javax/net/ssl/KeyManager.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * This is the interface to implement in order to mark a class as a JSSE key
- * managers so that key managers can be easily grouped. The key managers are
- * responsible for handling the keys used to authenticate the local side to its
- * peer,
- */
-public interface KeyManager {
-}
diff --git a/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java b/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java
deleted file mode 100644
index 99a37a8..0000000
--- a/x-net/src/main/java/javax/net/ssl/KeyManagerFactory.java
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.AccessController;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivilegedAction;
-import java.security.Provider;
-import java.security.Security;
-import java.security.UnrecoverableKeyException;
-
-import org.apache.harmony.security.fortress.Engine;
-
-/**
- * The public API for {@code KeyManagerFactory} implementations.
- */
-public class KeyManagerFactory {
- // Store KeyManagerFactory service name
- private static final String SERVICE = "KeyManagerFactory";
-
- // Used to access common engine functionality
- private static Engine engine = new Engine(SERVICE);
-
- // Store default property name
- private static final String PROPERTY_NAME = "ssl.KeyManagerFactory.algorithm";
-
- /**
- * Returns the default key manager factory algorithm name.
- * <p>
- * The default algorithm name is specified by the security property:
- * {@code 'ssl.KeyManagerFactory.algorithm'}.
- *
- * @return the default algorithm name.
- */
- public static final String getDefaultAlgorithm() {
- return AccessController.doPrivileged(new PrivilegedAction<String>() {
- public String run() {
- return Security.getProperty(PROPERTY_NAME);
- }
- });
- }
-
- /**
- * Creates a new {@code KeyManagerFactory} instance for the specified key
- * management algorithm.
- *
- * @param algorithm
- * the name of the requested key management algorithm.
- * @return a key manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if no installed provider can provide the requested algorithm.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final KeyManagerFactory getInstance(String algorithm)
- throws NoSuchAlgorithmException {
- if (algorithm == null) {
- throw new NullPointerException("algorithm is null");
- }
- synchronized (engine) {
- engine.getInstance(algorithm, null);
- return new KeyManagerFactory((KeyManagerFactorySpi) engine.spi, engine.provider,
- algorithm);
- }
- }
-
- /**
- * Creates a new {@code KeyManagerFactory} instance for the specified key
- * management algorithm from the specified provider.
- *
- * @param algorithm
- * the name of the requested key management algorithm name.
- * @param provider
- * the name of the provider that provides the requested
- * algorithm.
- * @return a key manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provide the requested
- * algorithm.
- * @throws NoSuchProviderException
- * if the specified provider does not exist.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final KeyManagerFactory getInstance(String algorithm, String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException {
- if ((provider == null) || (provider.length() == 0)) {
- throw new IllegalArgumentException("Provider is null or empty");
- }
- Provider impProvider = Security.getProvider(provider);
- if (impProvider == null) {
- throw new NoSuchProviderException(provider);
- }
- return getInstance(algorithm, impProvider);
- }
-
- /**
- * Creates a new {@code KeyManagerFactory} instance for the specified key
- * management algorithm from the specified provider.
- *
- * @param algorithm
- * the name of the requested key management algorithm name.
- * @param provider
- * the provider that provides the requested algorithm.
- * @return a key manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provide the requested
- * algorithm.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
- throws NoSuchAlgorithmException {
- if (provider == null) {
- throw new IllegalArgumentException("Provider is null");
- }
- if (algorithm == null) {
- throw new NullPointerException("algorithm is null");
- }
- synchronized (engine) {
- engine.getInstance(algorithm, provider, null);
- return new KeyManagerFactory((KeyManagerFactorySpi) engine.spi, provider, algorithm);
- }
- }
-
- // Store used provider
- private final Provider provider;
-
- // Store used KeyManagerFactorySpi implementation
- private final KeyManagerFactorySpi spiImpl;
-
- // Store used algorithm
- private final String algorithm;
-
- /**
- * Creates a new {@code KeyManagerFactory}.
- *
- * @param factorySpi
- * the implementation delegate.
- * @param provider
- * the provider.
- * @param algorithm
- * the key management algorithm name.
- */
- protected KeyManagerFactory(KeyManagerFactorySpi factorySpi, Provider provider, String algorithm) {
- super();
- this.provider = provider;
- this.algorithm = algorithm;
- this.spiImpl = factorySpi;
- }
-
- /**
- * Returns the name of the key management algorithm.
- *
- * @return the name of the key management algorithm.
- */
- public final String getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Returns the provider for this {@code KeyManagerFactory} instance.
- *
- * @return the provider for this {@code KeyManagerFactory} instance.
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Initializes this instance with the specified key store and password.
- *
- * @param ks
- * the key store or {@code null} to use the default key store.
- * @param password
- * the password for the specified key store or {@code null} if no
- * key store is provided.
- * @throws KeyStoreException
- * if initializing this key manager factory fails.
- * @throws NoSuchAlgorithmException
- * if a required algorithm is not available.
- * @throws UnrecoverableKeyException
- * if a key cannot be recovered.
- */
- public final void init(KeyStore ks, char[] password) throws KeyStoreException,
- NoSuchAlgorithmException, UnrecoverableKeyException {
- spiImpl.engineInit(ks, password);
- }
-
- /**
- * Initializes this instance with the specified factory parameters.
- *
- * @param spec
- * the factory parameters.
- * @throws InvalidAlgorithmParameterException
- * if an error occurs.
- */
- public final void init(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException {
- spiImpl.engineInit(spec);
- }
-
- /**
- * Returns a list of key managers, one instance for each type of key in the
- * key store.
- *
- * @return a list of key managers.
- */
- public final KeyManager[] getKeyManagers() {
- return spiImpl.engineGetKeyManagers();
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java b/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java
deleted file mode 100644
index 39925f9..0000000
--- a/x-net/src/main/java/javax/net/ssl/KeyManagerFactorySpi.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-
-/**
- * The <i>Service Provider Interface</i> (SPI) for the
- * {@code KeyManagerFactory} class.
- */
-public abstract class KeyManagerFactorySpi {
-
- /**
- * Creates a new {@code KeyManagerFactorySpi} instance.
- */
- public KeyManagerFactorySpi() {
- super();
- }
-
- /**
- * Initializes this instance with the specified key store and password.
- *
- * @param ks
- * the key store or {@code null} to use the default key store.
- * @param password
- * the key store password.
- * @throws KeyStoreException
- * if initializing this instance fails.
- * @throws NoSuchAlgorithmException
- * if a required algorithm is not available.
- * @throws UnrecoverableKeyException
- * if a key cannot be recovered.
- */
- protected abstract void engineInit(KeyStore ks, char[] password) throws KeyStoreException,
- NoSuchAlgorithmException, UnrecoverableKeyException;
-
- /**
- * Initializes this instance with the specified factory parameters.
- *
- * @param spec
- * the factory parameters.
- * @throws InvalidAlgorithmParameterException
- * if an error occurs.
- */
- protected abstract void engineInit(ManagerFactoryParameters spec)
- throws InvalidAlgorithmParameterException;
-
- /**
- * Returns a list of key managers, one instance for each type of key in the
- * key store.
- *
- * @return a list of key managers.
- */
- protected abstract KeyManager[] engineGetKeyManagers();
-}
diff --git a/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java b/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
deleted file mode 100644
index d30cc8a..0000000
--- a/x-net/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.security.KeyStore;
-
-/**
- * The parameters for {@code KeyManager}s. The parameters are a list of
- * {@code KeyStore.Builder}s.
- *
- * @since 1.5
- * @see KeyStore.Builder
- */
-public class KeyStoreBuilderParameters implements ManagerFactoryParameters {
-
- private final List<KeyStore.Builder> ksbuilders;
-
- /**
- * Creates a new {@code KeyStoreBuilderParameters} with the specified key
- * store builder.
- *
- * @param builder
- * the key store builder.
- */
- public KeyStoreBuilderParameters(KeyStore.Builder builder) {
- super();
- ksbuilders = Collections.singletonList(builder);
- }
-
- /**
- * Creates a new {@code KeyStoreBuilderParameters} with the specified list
- * of {@code KeyStore.Builder}s.
- *
- * @param parameters
- * the list of key store builders
- * @throws IllegalArgumentException
- * if the specified list is empty.
- */
- @SuppressWarnings("unchecked")
- public KeyStoreBuilderParameters(List parameters) {
- super();
- if (parameters == null) {
- throw new NullPointerException("Builders list is null");
- }
- if (parameters.isEmpty()) {
- throw new IllegalArgumentException("Builders list is empty");
- }
- ksbuilders = Collections.unmodifiableList(new ArrayList<KeyStore.Builder>(parameters));
- }
-
- /**
- * Returns the unmodifiable list of {@code KeyStore.Builder}s associated
- * with this parameters instance.
- *
- * @return the unmodifiable list of {@code KeyStore.Builder}s.
- */
- @SuppressWarnings("unchecked")
- public List getParameters() {
- return ksbuilders;
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java b/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java
deleted file mode 100644
index b90deeb..0000000
--- a/x-net/src/main/java/javax/net/ssl/ManagerFactoryParameters.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The marker interface for key manager factory parameters. Its purpose is to
- * group key manager factory parameters objects.
- *
- * @since 1.4
- */
-public interface ManagerFactoryParameters {
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLContext.java b/x-net/src/main/java/javax/net/ssl/SSLContext.java
deleted file mode 100644
index 8a0a157..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLContext.java
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.Security;
-
-import org.apache.harmony.security.fortress.Engine;
-
-
-/**
- * The public API for secure socket protocol implementations. It acts as factory
- * for {@code SSLSocketFactory}'s and {@code SSLEngine}s.
- */
-public class SSLContext {
- // StoreSSLContext service name
- private static final String SERVICE = "SSLContext";
-
- // Used to access common engine functionality
- private static Engine engine = new Engine(SERVICE);
-
- /**
- * Creates a new {@code SSLContext} instance for the specified protocol.
- *
- * @param protocol
- * the requested protocol to create a context for.
- * @return the created {@code SSLContext} instance.
- * @throws NoSuchAlgorithmException
- * if no installed provider can provide the requested protocol
- * @throws NullPointerException
- * if {@code protocol} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static SSLContext getInstance(String protocol) throws NoSuchAlgorithmException {
- if (protocol == null) {
- throw new NullPointerException("protocol is null");
- }
- synchronized (engine) {
- engine.getInstance(protocol, null);
- return new SSLContext((SSLContextSpi) engine.spi, engine.provider, protocol);
- }
- }
-
- /**
- * Creates a new {@code SSLContext} instance for the specified protocol from
- * the specified provider.
- *
- * @param protocol
- * the requested protocol to create a context for.
- * @param provider
- * the name of the provider that provides the requested protocol.
- * @return an {@code SSLContext} for the requested protocol.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provider the requested
- * protocol.
- * @throws NoSuchProviderException
- * if the specified provider does not exits.
- * @throws NullPointerException
- * if {@code protocol} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static SSLContext getInstance(String protocol, String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException {
- if (provider == null) {
- throw new IllegalArgumentException("Provider is null");
- }
- if (provider.length() == 0) {
- throw new IllegalArgumentException("Provider is empty");
- }
- Provider impProvider = Security.getProvider(provider);
- if (impProvider == null) {
- throw new NoSuchProviderException(provider);
- }
- return getInstance(protocol, impProvider);
- }
-
- /**
- * Creates a new {@code SSLContext} instance for the specified protocol from
- * the specified provider.
- *
- * @param protocol
- * the requested protocol to create a context for
- * @param provider
- * the provider that provides the requested protocol.
- * @return an {@code SSLContext} for the requested protocol.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provide the requested
- * protocol.
- * @throws NullPointerException
- * if {@code protocol} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static SSLContext getInstance(String protocol, Provider provider)
- throws NoSuchAlgorithmException {
- if (provider == null) {
- throw new IllegalArgumentException("provider is null");
- }
- if (protocol == null) {
- throw new NullPointerException("protocol is null");
- }
- synchronized (engine) {
- engine.getInstance(protocol, provider, null);
- return new SSLContext((SSLContextSpi) engine.spi, provider, protocol);
- }
- }
-
- private final Provider provider;
-
- private final SSLContextSpi spiImpl;
-
- private final String protocol;
-
- /**
- * Creates a new {@code SSLContext}.
- *
- * @param contextSpi
- * the implementation delegate.
- * @param provider
- * the provider.
- * @param protocol
- * the protocol name.
- */
- protected SSLContext(SSLContextSpi contextSpi, Provider provider, String protocol) {
- this.provider = provider;
- this.protocol = protocol;
- this.spiImpl = contextSpi;
- }
-
- /**
- * Returns the name of the secure socket protocol of this instance.
- *
- * @return the name of the secure socket protocol of this instance.
- */
- public final String getProtocol() {
- return protocol;
- }
-
- /**
- * Returns the provider of this {@code SSLContext} instance.
- *
- * @return the provider of this {@code SSLContext} instance.
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Initializes this {@code SSLContext} instance. All of the arguments are
- * optional, and the security providers will be searched for the required
- * implementations of the needed algorithms.
- *
- * @param km
- * the key sources or {@code null}.
- * @param tm
- * the trust decision sources or {@code null}.
- * @param sr
- * the randomness source or {@code null.}
- * @throws KeyManagementException
- * if initializing this instance fails.
- */
- public final void init(KeyManager[] km, TrustManager[] tm, SecureRandom sr)
- throws KeyManagementException {
- spiImpl.engineInit(km, tm, sr);
- }
-
- /**
- * Returns a socket factory for this instance.
- *
- * @return a socket factory for this instance.
- */
- public final SSLSocketFactory getSocketFactory() {
- return spiImpl.engineGetSocketFactory();
- }
-
- /**
- * Returns a server socket factory for this instance.
- *
- * @return a server socket factory for this instance.
- */
- public final SSLServerSocketFactory getServerSocketFactory() {
- return spiImpl.engineGetServerSocketFactory();
- }
-
- /**
- * Creates an {@code SSLEngine} instance from this context.
- *
- * @return an {@code SSLEngine} instance from this context.
- * @throws UnsupportedOperationException
- * if the provider does not support the operation.
- */
- public final SSLEngine createSSLEngine() {
- return spiImpl.engineCreateSSLEngine();
- }
-
- /**
- * Creates an {@code SSLEngine} instance from this context with the
- * specified hostname and port.
- *
- * @param peerHost
- * the name of the host
- * @param peerPort
- * the port
- * @return an {@code SSLEngine} instance from this context.
- * @throws UnsupportedOperationException
- * if the provider does not support the operation.
- */
- public final SSLEngine createSSLEngine(String peerHost, int peerPort) {
- return spiImpl.engineCreateSSLEngine(peerHost, peerPort);
- }
-
- /**
- * Returns the SSL session context that encapsulates the set of SSL sessions
- * that can be used for handshake of server-side SSL sockets.
- *
- * @return the SSL server session context for this context or {@code null}
- * if the underlying provider does not provide an implementation of
- * the {@code SSLSessionContext} interface.
- */
- public final SSLSessionContext getServerSessionContext() {
- return spiImpl.engineGetServerSessionContext();
- }
-
- /**
- * Returns the SSL session context that encapsulates the set of SSL sessions
- * that can be used for handshake of client-side SSL sockets.
- *
- * @return the SSL client session context for this context or {@code null}
- * if the underlying provider does not provide an implementation of
- * the {@code SSLSessionContext} interface.
- */
- public final SSLSessionContext getClientSessionContext() {
- return spiImpl.engineGetClientSessionContext();
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java b/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java
deleted file mode 100644
index 44d2c59..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLContextSpi.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.KeyManagementException;
-import java.security.SecureRandom;
-
-/**
- * The <i>Service Provider Interface</i> (SPI) for the {@code SSLContext} class.
- */
-public abstract class SSLContextSpi {
-
- /**
- * Creates a new {@code SSLContextSpi} instance.
- */
- public SSLContextSpi() {
- super();
- }
-
- /**
- * Initializes this {@code SSLContext} instance. All of the arguments are
- * optional, and the security providers will be searched for the required
- * implementations of the needed algorithms.
- *
- * @param km
- * the key sources or {@code null}.
- * @param tm
- * the trust decision sources or {@code null}.
- * @param sr
- * the randomness source or {@code null.}
- * @throws KeyManagementException
- * if initializing this instance fails.
- */
- protected abstract void engineInit(KeyManager[] km, TrustManager[] tm, SecureRandom sr)
- throws KeyManagementException;
-
- /**
- * Returns a socket factory for this instance.
- *
- * @return a socket factory for this instance.
- */
- protected abstract SSLSocketFactory engineGetSocketFactory();
-
- /**
- * Returns a server socket factory for this instance.
- *
- * @return a server socket factory for this instance.
- */
- protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
-
- /**
- * Creates an {@code SSLEngine} instance from this context with the
- * specified hostname and port.
- *
- * @param host
- * the name of the host
- * @param port
- * the port
- * @return an {@code SSLEngine} instance from this context.
- * @throws UnsupportedOperationException
- * if the provider does not support the operation.
- */
- protected abstract SSLEngine engineCreateSSLEngine(String host, int port);
-
- /**
- * Creates an {@code SSLEngine} instance from this context.
- *
- * @return an {@code SSLEngine} instance from this context.
- * @throws UnsupportedOperationException
- * if the provider does not support the operation.
- */
- protected abstract SSLEngine engineCreateSSLEngine();
-
- /**
- * Returns the SSL session context that encapsulates the set of SSL sessions
- * that can be used for the server side of the SSL handshake.
- *
- * @return the SSL server session context for this context or {@code null}
- * if the underlying provider does not provide an implementation of
- * the {@code SSLSessionContext} interface.
- */
- protected abstract SSLSessionContext engineGetServerSessionContext();
-
- /**
- * Returns the SSL session context that encapsulates the set of SSL sessions
- * that can be used for the client side of the SSL handshake.
- *
- * @return the SSL client session context for this context or {@code null}
- * if the underlying provider does not provide an implementation of
- * the {@code SSLSessionContext} interface.
- */
- protected abstract SSLSessionContext engineGetClientSessionContext();
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLEngine.java b/x-net/src/main/java/javax/net/ssl/SSLEngine.java
deleted file mode 100644
index 46e11a4..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLEngine.java
+++ /dev/null
@@ -1,464 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.nio.ByteBuffer;
-
-/**
- * The abstract implementation of secure communications using SSL, TLS, or other
- * protocols. It includes the setup, handshake, and encrypt/decrypt
- * functionality needed to create a secure connection.
- *
- * @since 1.5
- */
-public abstract class SSLEngine {
- private final String peerHost;
- private final int peerPort;
-
- /**
- * Creates a new {@code SSLEngine} instance.
- */
- protected SSLEngine() {
- super();
- peerHost = null;
- peerPort = -1;
- }
-
- /**
- * Creates a new {@code SSLEngine} instance with the specified host and
- * port.
- *
- * @param host
- * the name of the host.
- * @param port
- * the port of the host.
- */
- protected SSLEngine(String host, int port) {
- super();
- this.peerHost = host;
- this.peerPort = port;
- }
-
- /**
- * Returns the name of the peer host.
- *
- * @return the name of the peer host, or {@code null} if none is available.
- */
- public String getPeerHost() {
- return peerHost;
- }
-
- /**
- * Returns the port number of the peer host.
- *
- * @return the port number of the peer host, or {@code -1} is none is
- * available.
- */
- public int getPeerPort() {
- return peerPort;
- }
-
- /**
- * Initiates a handshake on this engine.
- * <p>
- * Calling this method is not needed for the initial handshake: it will be
- * called by {@code wrap} or {@code unwrap} if the initial handshake has not
- * been started yet.
- *
- * @throws SSLException
- * if starting the handshake fails.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public abstract void beginHandshake() throws SSLException;
-
- /**
- * Notifies this engine instance that no more inbound network data will be
- * sent to this engine.
- *
- * @throws SSLException
- * if this engine did not receive a needed protocol specific
- * close notification message from the peer.
- */
- public abstract void closeInbound() throws SSLException;
-
- /**
- * Notifies this engine instance that no more outbound application data will
- * be sent to this engine.
- */
- public abstract void closeOutbound();
-
- /**
- * Returns a delegate task for this engine instance. Some engine operations
- * may require the results of blocking or long running operations, and the
- * {@code SSLEngineResult} instances returned by this engine may indicate
- * that a delegated task result is needed. In this case the
- * {@link Runnable#run() run} method of the returned {@code Runnable}
- * delegated task must be called.
- *
- * @return a delegate task, or {@code null} if none are available.
- */
- public abstract Runnable getDelegatedTask();
-
- /**
- * Returns the SSL cipher suite names that are enabled in this engine
- * instance.
- *
- * @return the SSL cipher suite names that are enabled in this engine
- * instance.
- */
- public abstract String[] getEnabledCipherSuites();
-
- /**
- * Returns the protocol version names that are enabled in this engine
- * instance.
- *
- * @return the protocol version names that are enabled in this engine
- * instance.
- */
- public abstract String[] getEnabledProtocols();
-
- /**
- * Returns whether new SSL sessions may be established by this engine.
- *
- * @return {@code true} if new session may be established, {@code false} if
- * existing sessions must be reused.
- */
- public abstract boolean getEnableSessionCreation();
-
- /**
- * Returns the status of the handshake of this engine instance.
- *
- * @return the status of the handshake of this engine instance.
- */
- public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus();
-
- /**
- * Returns whether this engine instance will require client authentication.
- *
- * @return {@code true} if this engine will require client authentication,
- * {@code false} if no client authentication is needed.
- */
- public abstract boolean getNeedClientAuth();
-
- /**
- * Returns the SSL session for this engine instance.
- *
- * @return the SSL session for this engine instance.
- */
- public abstract SSLSession getSession();
-
- /**
- * Returns the SSL cipher suite names that are supported by this engine.
- * These cipher suites can be enabled using
- * {@link #setEnabledCipherSuites(String[])}.
- *
- * @return the SSL cipher suite names that are supported by this engine.
- */
- public abstract String[] getSupportedCipherSuites();
-
- /**
- * Returns the protocol names that are supported by this engine. These
- * protocols can be enables using {@link #setEnabledProtocols(String[])}.
- *
- * @return the protocol names that are supported by this engine.
- */
- public abstract String[] getSupportedProtocols();
-
- /**
- * Returns whether this engine is set to act in client mode when
- * handshaking.
- *
- * @return {@code true} if the engine is set to do handshaking in client
- * mode.
- */
- public abstract boolean getUseClientMode();
-
- /**
- * Returns whether this engine will request client authentication.
- *
- * @return {@code true} if client authentication will be requested,
- * {@code false} otherwise.
- */
- public abstract boolean getWantClientAuth();
-
- /**
- * Returns whether no more inbound data will be accepted by this engine.
- *
- * @return {@code true} if no more inbound data will be accepted by this
- * engine, {@code false} otherwise.
- */
- public abstract boolean isInboundDone();
-
- /**
- * Returns whether no more outbound data will be produced by this engine.
- *
- * @return {@code true} if no more outbound data will be producted by this
- * engine, {@code otherwise} false.
- */
- public abstract boolean isOutboundDone();
-
- /**
- * Sets the SSL cipher suite names that should be enabled in this engine
- * instance. Only cipher suites listed by {@code getSupportedCipherSuites()}
- * are allowed.
- *
- * @param suites
- * the SSL cipher suite names to be enabled.
- * @throws IllegalArgumentException
- * if one of the specified cipher suites is not supported, or if
- * {@code suites} is {@code null}.
- */
- public abstract void setEnabledCipherSuites(String[] suites);
-
- /**
- * Sets the protocol version names that should be enabled in this engine
- * instance. Only protocols listed by {@code getSupportedProtocols()} are
- * allowed.
- *
- * @param protocols
- * the protocol version names to be enabled.
- * @throws IllegalArgumentException
- * if one of the protocol version names is not supported, or if
- * {@code protocols} is {@code null}.
- */
- public abstract void setEnabledProtocols(String[] protocols);
-
- /**
- * Sets whether new SSL sessions may be established by this engine instance.
- *
- * @param flag
- * {@code true} if new SSL sessions may be established,
- * {@code false} if existing SSL sessions must be reused.
- */
- public abstract void setEnableSessionCreation(boolean flag);
-
- /**
- * Sets whether this engine must require client authentication. The client
- * authentication is one of:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setWantClientAuth(boolean)}.
- *
- * @param need
- * {@code true} if client authentication is required,
- * {@code false} if no authentication is needed.
- */
- public abstract void setNeedClientAuth(boolean need);
-
- /**
- * Sets whether this engine should act in client (or server) mode when
- * handshaking.
- *
- * @param mode
- * {@code true} if this engine should act in client mode,
- * {@code false} if not.
- * @throws IllegalArgumentException
- * if this method is called after starting the initial
- * handshake.
- */
- public abstract void setUseClientMode(boolean mode);
-
- /**
- * Sets whether this engine should request client authentication. The client
- * authentication is one of the following:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setNeedClientAuth(boolean)}.
- *
- * @param want
- * {@code true} if client authentication should be requested,
- * {@code false} if no authentication is needed.
- */
- public abstract void setWantClientAuth(boolean want);
-
- /**
- * Decodes the incoming network data buffer into application data buffers.
- * If a handshake has not been started yet, it will automatically be
- * started.
- *
- * @param src
- * the buffer with incoming network data
- * @param dsts
- * the array of destination buffers for incoming application
- * data.
- * @param offset
- * the offset in the array of destination buffers to which data
- * is to be transferred.
- * @param length
- * the maximum number of destination buffers to be used.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws IndexOutOfBoundsException
- * if {@code length} is greater than
- * {@code dsts.length - offset}.
- * @throws java.nio.ReadOnlyBufferException
- * if one of the destination buffers is read-only.
- * @throws IllegalArgumentException
- * if {@code src}, {@code dsts}, or one of the entries in
- * {@code dsts} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public abstract SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, int offset, int length)
- throws SSLException;
-
- /**
- * Encodes the outgoing application data buffers into the network data
- * buffer. If a handshake has not been started yet, it will automatically be
- * started.
- *
- * @param srcs
- * the array of source buffers of outgoing application data.
- * @param offset
- * the offset in the array of source buffers from which data is
- * to be retrieved.
- * @param length
- * the maximum number of source buffers to be used.
- * @param dst
- * the destination buffer for network data.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws IndexOutOfBoundsException
- * if {@code length} is greater than
- * {@code srcs.length - offset}.
- * @throws java.nio.ReadOnlyBufferException
- * if the destination buffer is readonly.
- * @throws IllegalArgumentException
- * if {@code srcs}, {@code dst}, or one the entries in
- * {@code srcs} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public abstract SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int length, ByteBuffer dst)
- throws SSLException;
-
- /**
- * Decodes the incoming network data buffer into the application data
- * buffer. If a handshake has not been started yet, it will automatically be
- * started.
- *
- * @param src
- * the buffer with incoming network data
- * @param dst
- * the destination buffer for incoming application data.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws java.nio.ReadOnlyBufferException
- * if one of the destination buffers is read-only.
- * @throws IllegalArgumentException
- * if {@code src} or {@code dst} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
- return unwrap(src, new ByteBuffer[] { dst }, 0, 1);
- }
-
- /**
- * Decodes the incoming network data buffer into the application data
- * buffers. If a handshake has not been started yet, it will automatically
- * be started.
- *
- * @param src
- * the buffer with incoming network data
- * @param dsts
- * the array of destination buffers for incoming application
- * data.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws java.nio.ReadOnlyBufferException
- * if one of the destination buffers is read-only.
- * @throws IllegalArgumentException
- * if {@code src} or {@code dsts} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts) throws SSLException {
- if (dsts == null) {
- throw new IllegalArgumentException("Byte buffer array dsts is null");
- }
- return unwrap(src, dsts, 0, dsts.length);
- }
-
- /**
- * Encodes the outgoing application data buffers into the network data
- * buffer. If a handshake has not been started yet, it will automatically be
- * started.
- *
- * @param srcs
- * the array of source buffers of outgoing application data.
- * @param dst
- * the destination buffer for network data.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws java.nio.ReadOnlyBufferException
- * if the destination buffer is readonly.
- * @throws IllegalArgumentException
- * if {@code srcs} or {@code dst} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public SSLEngineResult wrap(ByteBuffer[] srcs, ByteBuffer dst) throws SSLException {
- if (srcs == null) {
- throw new IllegalArgumentException("Byte buffer array srcs is null");
- }
- return wrap(srcs, 0, srcs.length, dst);
- }
-
- /**
- * Encodes the outgoing application data buffer into the network data
- * buffer. If a handshake has not been started yet, it will automatically be
- * started.
- *
- * @param src
- * the source buffers of outgoing application data.
- * @param dst
- * the destination buffer for network data.
- * @return the result object of this operation.
- * @throws SSLException
- * if a problem occurred while processing the data.
- * @throws java.nio.ReadOnlyBufferException
- * if the destination buffer is readonly.
- * @throws IllegalArgumentException
- * if {@code src} or {@code dst} is {@code null}.
- * @throws IllegalStateException
- * if the engine does not have all the needed settings (e.g.
- * client/server mode not set).
- */
- public SSLEngineResult wrap(ByteBuffer src, ByteBuffer dst) throws SSLException {
- return wrap(new ByteBuffer[] { src }, 0, 1, dst);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java b/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java
deleted file mode 100644
index 8a98831..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLEngineResult.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The result object describing the state of the {@code SSLEngine} produced
- * by the {@code wrap()} and {@code unwrap()} operations.
- */
-public class SSLEngineResult {
-
- /**
- * The {@code enum} describing the state of the current handshake.
- */
- public enum HandshakeStatus {
- /**
- * No handshake in progress.
- */
- NOT_HANDSHAKING,
- /**
- * The handshake is finished.
- */
- FINISHED,
- /**
- * The results of one (or more) delegated tasks are needed to continue
- * the handshake.
- */
- NEED_TASK,
- /**
- * The engine must send data to the remote side to continue the
- * handshake.
- */
- NEED_WRAP,
- /**
- * The engine needs to receive data from the remote side to continue the
- * handshake.
- */
- NEED_UNWRAP
- }
-
- /**
- * The {@code enum} describing the result of the {@code SSLEngine}
- * operation.
- */
- public static enum Status {
- /**
- * The size of the destination buffer is too small to hold the result of
- * the current operation.
- */
- BUFFER_OVERFLOW,
- /**
- * There were not enough bytes available in the source buffer to
- * complete the current operation.
- */
- BUFFER_UNDERFLOW,
- /**
- * The operation closed this side of the communication or was already
- * closed.
- */
- CLOSED,
- /**
- * The operation completed successfully.
- */
- OK
- }
-
- // Store Status object
- private final SSLEngineResult.Status status;
-
- // Store HandshakeStatus object
- private final SSLEngineResult.HandshakeStatus handshakeStatus;
-
- // Store bytesConsumed
- private final int bytesConsumed;
-
- // Store bytesProduced
- private final int bytesProduced;
-
- /**
- * Creates a new {@code SSLEngineResult} instance with the specified state
- * values.
- *
- * @param status
- * the return value of the {@code SSLEngine} operation.
- * @param handshakeStatus
- * the status of the current handshake
- * @param bytesConsumed
- * the number of bytes retrieved from the source buffer(s).
- * @param bytesProduced
- * the number of bytes transferred to the destination buffer(s).
- * @throws IllegalArgumentException
- * if {@code status} or {@code handshakeStatus} is {@code null},
- * or if {@code bytesConsumed} or {@code bytesProduces} are
- * negative.
- */
- public SSLEngineResult(SSLEngineResult.Status status,
- SSLEngineResult.HandshakeStatus handshakeStatus, int bytesConsumed, int bytesProduced) {
- if (status == null) {
- throw new IllegalArgumentException("status is null");
- }
- if (handshakeStatus == null) {
- throw new IllegalArgumentException("handshakeStatus is null");
- }
- if (bytesConsumed < 0) {
- throw new IllegalArgumentException("bytesConsumed is negative");
- }
- if (bytesProduced < 0) {
- throw new IllegalArgumentException("bytesProduced is negative");
- }
- this.status = status;
- this.handshakeStatus = handshakeStatus;
- this.bytesConsumed = bytesConsumed;
- this.bytesProduced = bytesProduced;
- }
-
- /**
- * Returns the return value of the {@code SSLEngine} operation.
- *
- * @return the return value of the {@code SSLEngine} operation.
- */
- public final Status getStatus() {
- return status;
- }
-
- /**
- * Returns the status of the current handshake.
- *
- * @return the status of the current handshake.
- */
- public final HandshakeStatus getHandshakeStatus() {
- return handshakeStatus;
- }
-
- /**
- * Returns the number of bytes retrieved from the source buffer(s).
- *
- * @return the number of bytes retrieved from the source buffer(s).
- */
- public final int bytesConsumed() {
- return bytesConsumed;
- }
-
- /**
- * Returns the number of bytes transferred to the destination buffer(s).
- *
- * @return the number of bytes transferred to the destination buffer(s).
- */
- public final int bytesProduced() {
- return bytesProduced;
- }
-
- @Override
- public String toString() {
- return "SSLEngineReport: Status = " + status + " HandshakeStatus = " + handshakeStatus
- + "\n bytesConsumed = " + bytesConsumed + " bytesProduced = "
- + bytesProduced;
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLException.java b/x-net/src/main/java/javax/net/ssl/SSLException.java
deleted file mode 100644
index 5d716f7..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLException.java
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-
-/**
- * The base class for all SSL related exceptions.
- */
-public class SSLException extends IOException {
- private static final long serialVersionUID = 4511006460650708967L;
-
- /**
- * Creates a new {@code SSLException} with the specified reason.
- *
- * @param reason
- * the reason for the exception.
- */
- public SSLException(String reason) {
- super(reason);
- }
-
- /**
- * Creates a new {@code SSLException} with the specified message and cause.
- *
- * @param message
- * the detail message for the exception.
- * @param cause
- * the cause.
- */
- public SSLException(String message, Throwable cause) {
- super(message);
- super.initCause(cause);
- }
-
- /**
- * Creates a new {@code SSLException} with the specified cause.
- *
- * @param cause
- * the cause
- */
- public SSLException(Throwable cause) {
- super(cause == null ? null : cause.toString());
- super.initCause(cause);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java b/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java
deleted file mode 100644
index 1c17ae7..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLHandshakeException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The exception that is thrown when a handshake could not be completed
- * successfully.
- */
-public class SSLHandshakeException extends SSLException {
-
- private static final long serialVersionUID = -5045881315018326890L;
-
- /**
- * Creates a new {@code SSLHandshakeException} with the specified message.
- *
- * @param reason
- * the detail message for the exception.
- */
- public SSLHandshakeException(String reason) {
- super(reason);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLKeyException.java b/x-net/src/main/java/javax/net/ssl/SSLKeyException.java
deleted file mode 100644
index 6d81676..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLKeyException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The exception that is thrown when an invalid SSL key is encountered.
- */
-public class SSLKeyException extends SSLException {
-
- private static final long serialVersionUID = -8071664081941937874L;
-
- /**
- * Creates a new {@code SSLKeyException} with the specified message.
- *
- * @param reason
- * the detail message for the exception.
- */
- public SSLKeyException(String reason) {
- super(reason);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java b/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java
deleted file mode 100644
index bb5bd64..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLPeerUnverifiedException.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The exception that is thrown when the identity of a peer has not beed
- * verified.
- */
-public class SSLPeerUnverifiedException extends SSLException {
-
- private static final long serialVersionUID = -8919512675000600547L;
-
- /**
- * Creates a new {@code SSLPeerUnverifiedException} with the specified
- * message.
- *
- * @param reason
- * the detail message for the exception.
- */
- public SSLPeerUnverifiedException(String reason) {
- super(reason);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLPermission.java b/x-net/src/main/java/javax/net/ssl/SSLPermission.java
deleted file mode 100644
index 5b5c76f..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLPermission.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.BasicPermission;
-
-/**
- * The class representing a network permission.
- * <p>
- * The following permissions are defined, allowing the specified action:
- * <dl>
- * <dt> {@code "setHostnameVerifier"} </dt>
- * <dd> setting a callback object for additional verification of a hostname mismatch.</dd>
- * <dt> {@code "getSSLSessionContext"} </dt>
- * <dd> getting the {@code SSLSessionContext} of an {@code SSLSession}.</dd>
- * </dl>
- */
-public final class SSLPermission extends BasicPermission {
-
- private static final long serialVersionUID = -3456898025505876775L;
-
- /**
- * Creates a new {@code SSLPermission} with the specified name.
- *
- * @param name
- * the permission name.
- */
- public SSLPermission(String name) {
- super(name);
- }
-
- /**
- * Creates a new {@code SSLPermission} with the specified name.
- *
- * @param name
- * the permission name.
- * @param actions
- * is ignored and should be {@code null}.
- */
- public SSLPermission(String name, String actions) {
- super(name, actions);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java b/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java
deleted file mode 100644
index 50ed74d..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLProtocolException.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The exception that is thrown when an error in the operation of the SSL
- * protocol is encountered.
- */
-public class SSLProtocolException extends SSLException {
-
- private static final long serialVersionUID = 5445067063799134928L;
-
- /**
- * Creates a new {@code SSLProtocolException} with the specified message.
- *
- * @param reason
- * the detail message for the exception.
- */
- public SSLProtocolException(String reason) {
- super(reason);
- }
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java b/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java
deleted file mode 100644
index 8bd8918..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLServerSocket.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.ServerSocket;
-
-/**
- * The extension of {@code ServerSocket} which provides secure server sockets
- * based on protocols like SSL, TLS, or others.
- */
-public abstract class SSLServerSocket extends ServerSocket {
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP server socket with the default authentication context.
- *
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLServerSocket() throws IOException {
- super();
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP server socket on the specified port with the default
- * authentication context. The connection's default backlog size is 50
- * connections.
- * @param port
- * the port to listen on.
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLServerSocket(int port) throws IOException {
- super(port);
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP server socket on the specified port using the specified
- * backlog and the default authentication context.
- *
- * @param port
- * the port to listen on.
- * @param backlog
- * the number of pending connections to queue.
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLServerSocket(int port, int backlog) throws IOException {
- super(port, backlog);
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP server socket on the specified port, using the specified
- * backlog, listening on the specified interface, and using the default
- * authentication context.
- *
- * @param port
- * the port the listen on.
- * @param backlog
- * the number of pending connections to queue.
- * @param address
- * the address of the interface to accept connections on.
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLServerSocket(int port, int backlog, InetAddress address) throws IOException {
- super(port, backlog, address);
- }
-
- /**
- * Returns the names of the enabled cipher suites to be used for new
- * connections.
- *
- * @return the names of the enabled cipher suites to be used for new
- * connections.
- */
- public abstract String[] getEnabledCipherSuites();
-
- /**
- * Sets the names of the cipher suites to be enabled for new connections.
- * Only cipher suites returned by {@link #getSupportedCipherSuites()} are
- * allowed.
- *
- * @param suites
- * the names of the to be enabled cipher suites.
- * @throws IllegalArgumentException
- * if one of the cipher suite names is not supported.
- */
- public abstract void setEnabledCipherSuites(String[] suites);
-
- /**
- * Returns the names of the supported cipher suites.
- *
- * @return the names of the supported cipher suites.
- */
- public abstract String[] getSupportedCipherSuites();
-
- /**
- * Returns the names of the supported protocols.
- *
- * @return the names of the supported protocols.
- */
- public abstract String[] getSupportedProtocols();
-
- /**
- * Returns the names of the enabled protocols to be used for new
- * connections.
- *
- * @return the names of the enabled protocols to be used for new
- * connections.
- */
- public abstract String[] getEnabledProtocols();
-
- /**
- * Sets the names of the protocols to be enabled for new connections. Only
- * protocols returned by {@link #getSupportedProtocols()} are allowed.
- *
- * @param protocols
- * the names of the to be enabled protocols.
- * @throws IllegalArgumentException
- * if one of the protocols is not supported.
- */
- public abstract void setEnabledProtocols(String[] protocols);
-
- /**
- * Sets whether server-mode connections will be configured to require client
- * authentication. The client authentication is one of the following:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setWantClientAuth(boolean)}.
- *
- * @param need
- * {@code true} if client authentication is required,
- * {@code false} if no authentication is needed.
- */
- public abstract void setNeedClientAuth(boolean need);
-
- /**
- * Returns whether server-mode connections will be configured to require
- * client authentication.
- *
- * @return {@code true} if client authentication is required, {@code false}
- * if no client authentication is needed.
- */
- public abstract boolean getNeedClientAuth();
-
- /**
- * Sets whether server-mode connections will be configured to request client
- * authentication. The client authentication is one of the following:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setNeedClientAuth(boolean)}.
- *
- * @param want
- * {@code true} if client authentication should be requested,
- * {@code false} if no authentication is needed.
- */
- public abstract void setWantClientAuth(boolean want);
-
- /**
- * Returns whether server-mode connections will be configured to request
- * client authentication.
- *
- * @return {@code true} is client authentication will be requested,
- * {@code false} if no client authentication is needed.
- */
- public abstract boolean getWantClientAuth();
-
- /**
- * Sets whether new connections should act in client mode when handshaking.
- *
- * @param mode
- * {@code true} if new connections should act in client mode,
- * {@code false} if not.
- */
- public abstract void setUseClientMode(boolean mode);
-
- /**
- * Returns whether new connection will act in client mode when handshaking.
- *
- * @return {@code true} if new connections will act in client mode when
- * handshaking, {@code false} if not.
- */
- public abstract boolean getUseClientMode();
-
- /**
- * Sets whether new SSL sessions may be established for new connections.
- *
- * @param flag
- * {@code true} if new SSL sessions may be established,
- * {@code false} if existing SSL sessions must be reused.
- */
- public abstract void setEnableSessionCreation(boolean flag);
-
- /**
- * Returns whether new SSL sessions may be established for new connections.
- *
- * @return {@code true} if new SSL sessions may be established,
- * {@code false} if existing SSL sessions must be reused.
- */
- public abstract boolean getEnableSessionCreation();
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java b/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
deleted file mode 100644
index ccb2c5d..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLServerSocketFactory.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Security;
-
-import javax.net.ServerSocketFactory;
-
-/**
- * The factory for SSL server sockets.
- */
-public abstract class SSLServerSocketFactory extends ServerSocketFactory {
- // TODO EXPORT CONTROL
-
- // The default SSL socket factory
- private static ServerSocketFactory defaultServerSocketFactory;
-
- private static String defaultName;
-
- /**
- * Returns the default {@code SSLServerSocketFactory} instance. The default
- * implementation is defined by the security property
- * "ssl.ServerSocketFactory.provider".
- *
- * @return the default {@code SSLServerSocketFactory} instance.
- */
- public static synchronized ServerSocketFactory getDefault() {
- if (defaultServerSocketFactory != null) {
- return defaultServerSocketFactory;
- }
- if (defaultName == null) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- public Void run() {
- defaultName = Security.getProperty("ssl.ServerSocketFactory.provider");
- if (defaultName != null) {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- if (cl == null) {
- cl = ClassLoader.getSystemClassLoader();
- }
- try {
- final Class<?> ssfc = Class.forName(defaultName, true, cl);
- defaultServerSocketFactory = (ServerSocketFactory) ssfc.newInstance();
- } catch (Exception e) {
- }
- }
- return null;
- }
- });
- }
- if (defaultServerSocketFactory == null) {
- // Try to find in providers
- SSLContext context = DefaultSSLContext.getContext();
- if (context != null) {
- defaultServerSocketFactory = context.getServerSocketFactory();
- }
- }
- if (defaultServerSocketFactory == null) {
- // Use internal dummy implementation
- defaultServerSocketFactory = new DefaultSSLServerSocketFactory(
- "No ServerSocketFactory installed");
- }
- return defaultServerSocketFactory;
- }
-
- /**
- * Creates a new {@code SSLServerSocketFactory} instance.
- */
- protected SSLServerSocketFactory() {
- super();
- }
-
- /**
- * Returns the names of the cipher suites that are enabled by default.
- *
- * @return the names of the cipher suites that are enabled by default
- */
- public abstract String[] getDefaultCipherSuites();
-
- /**
- * Returns the list of supported cipher suites that could be enabled for an
- * SSL connection created by this factory.
- *
- * @return the list of supported cipher suites
- */
- public abstract String[] getSupportedCipherSuites();
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSession.java b/x-net/src/main/java/javax/net/ssl/SSLSession.java
deleted file mode 100644
index 14a312a..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSession.java
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.Principal;
-import java.security.cert.Certificate;
-import javax.security.cert.X509Certificate;
-
-/**
- * The interface representing an SSL session.
- */
-public interface SSLSession {
-
- /**
- * Returns the maximum size that an application buffer can be for this
- * session.
- *
- * @return the maximum application buffer size.
- */
- public int getApplicationBufferSize();
-
- /**
- * Returns the name of the cipher suite used in this session.
- *
- * @return the name of the cipher suite used in this session.
- */
- public String getCipherSuite();
-
- /**
- * Returns the time this session was created, in milliseconds since midnight
- * January 1st 1970 UTC.
- *
- * @return the time the session was created.
- */
- public long getCreationTime();
-
- /**
- * Returns this sessions identifier.
- *
- * @return this sessions identifier.
- */
- public byte[] getId();
-
- /**
- * Returns the time this session was last accessed, in milliseconds since
- * midnight January 1st 1970 UTC.
- *
- * @return the time this session was last accessed.
- */
- public long getLastAccessedTime();
-
- /**
- * Returns the list of certificates that were used to identify the local
- * side to the peer during the handshake.
- *
- * @return the list of certificates, ordered from local certificate to
- * CA's certificates.
- */
- public Certificate[] getLocalCertificates();
-
- /**
- * Returns the principal used to identify the local side to the peer during
- * the handshake.
- *
- * @return the principal used to identify the local side.
- */
- public Principal getLocalPrincipal();
-
- /**
- * Returns the maximum size that a network buffer can be for this session.
- *
- * @return the maximum network buffer size.
- */
- public int getPacketBufferSize();
-
- /**
- * Returns the list of certificates the peer used to identify itself during
- * the handshake.
- * <p>
- * Note: this method exists for compatility reasons, use
- * {@link #getPeerCertificates()} instead.
- *
- * @return the list of certificates, ordered from the identity certificate to
- * the CA's certificates
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer is not verified.
- */
- public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException;
-
- /**
- * Returns the list of certificates the peer used to identify itself during
- * the handshake.
- *
- * @return the list of certificates, ordered from the identity certificate to
- * the CA's certificates.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer is not verified.
- */
- public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
-
- /**
- * Returns the host name of the peer of this session. The host name is not
- * authenticated.
- *
- * @return the host name of the peer of this session, or {@code null} if no
- * host name is available.
- */
- public String getPeerHost();
-
- /**
- * Returns the port number of the peer of this session. The port number is
- * not authenticated.
- *
- * @return the port number of the peer, of {@code -1} is no port number is
- * available.
- */
- public int getPeerPort();
-
- /**
- * Returns the principal identifying the peer during the handshake.
- *
- * @return the principal identifying the peer.
- * @throws SSLPeerUnverifiedException
- * if the identity of the peer has not been verified.
- */
- public Principal getPeerPrincipal() throws SSLPeerUnverifiedException;
-
- /**
- * Returns the protocol name that is used for all connections in this
- * session.
- *
- * @return the protocol name that is used for all connections in this
- * session.
- */
- public String getProtocol();
-
- /**
- * Returns the context of this session. If a context is available and a
- * security manager is installed, the
- * {@code SSLPermission("getSSLSessionContext"} is checked with the security
- * manager.
- *
- * @return the context of this session or {@code null} if no context is
- * available.
- */
- public SSLSessionContext getSessionContext();
-
- /**
- * Returns the object bound to the specified name in this session's
- * application layer data.
- *
- * @param name
- * the name of the bound value.
- * @return the value bound to the specified name, or {@code null} if the
- * specified name does not exist or is not accessible in the current
- * access control context.
- * @throws IllegalArgumentException
- * if {@code name} is {@code null}.
- */
- public Object getValue(String name);
-
- /**
- * Returns the list of the object names bound to this session's application
- * layer data..
- * <p>
- * Depending on the current access control context, the list of object names
- * may be different.
- *
- * @return the list of the object names bound to this session's application
- * layer data.
- */
- public String[] getValueNames();
-
- /**
- * Invalidates this session.
- * <p>
- * No new connections can be created, but any existing connection remains
- * valid until it is closed.
- */
- public void invalidate();
-
- /**
- * Returns whether this session is valid.
- *
- * @return {@code true} if this session is valid, otherwise {@code false}.
- */
- public boolean isValid();
-
- /**
- * Binds the specified object under the specified name in this session's
- * application layer data.
- * <p>
- * For bindings (new or existing) implementing the
- * {@code SSLSessionBindingListener} interface the object will be notified.
- *
- * @param name
- * the name to bind the object to.
- * @param value
- * the object to bind.
- * @throws IllegalArgumentException
- * if either {@code name} or {@code value} is {@code null}.
- */
- public void putValue(String name, Object value);
-
- /**
- * Removes the binding for the specified name in this session's application
- * layer data. If the existing binding implements the
- * {@code SSLSessionBindingListener} interface the object will be notified.
- *
- * @param name
- * the binding to remove.
- * @throws IllegalArgumentException
- * if {@code name} is {@code null}.
- */
- public void removeValue(String name);
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java b/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
deleted file mode 100644
index 19ae835..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.Serializable;
-import java.util.EventObject;
-
-/**
- * The event sent to an {@code SSLSessionBindingListener} when the listener
- * object is bound ({@link SSLSession#putValue(String, Object)}) or unbound
- * ({@link SSLSession#removeValue(String)}) to an {@code SSLSession}.
- */
-public class SSLSessionBindingEvent extends EventObject implements Serializable {
-
- /**
- * The 5.0 spec. doesn't declare this serialVersionUID field In order to be compatible it is
- * explicitly declared here
- */
- private static final long serialVersionUID = 3989172637106345L;
-
- /**
- * @serial include
- */
- private final String name;
-
- /**
- * Creates a new {@code SSLSessionBindingEvent} for the specified session
- * indicating a binding event for the specified name.
- *
- * @param session
- * the session for which the event occurs.
- * @param name
- * the name of the object being (un)bound.
- */
- public SSLSessionBindingEvent(SSLSession session, String name) {
- super(session);
- this.name = name;
- }
-
- /**
- * Returns the name of the binding being added or removed.
- *
- * @return the name of the binding.
- */
- public String getName() {
- return name;
- }
-
- /**
- * Returns the session to which the binding is added or from which it is
- * removed.
- *
- * @return the session to which the binding is added or from which it is
- * removed.
- */
- public SSLSession getSession() {
- return (SSLSession) this.source;
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java b/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java
deleted file mode 100644
index 43ad745..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSessionBindingListener.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.util.EventListener;
-
-/**
- * The interface to be implemented by any object that requires notification when
- * data objects are bound to (or unbound from) an {@code SSLSession}.
- */
-public interface SSLSessionBindingListener extends EventListener {
-
- /**
- * Notifies this listener when a value is bound to an {@code SSLSession}.
- *
- * @param event
- * the event data.
- */
- public void valueBound(SSLSessionBindingEvent event);
-
- /**
- * Notifies this listener when a value is unbound from an {@code SSLSession}.
- *
- * @param event
- * the event data.
- */
- public void valueUnbound(SSLSessionBindingEvent event);
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java b/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java
deleted file mode 100644
index 154376e..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSessionContext.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.util.Enumeration;
-
-/**
- * A collection of {@code SSLSession}s.
- */
-public interface SSLSessionContext {
- /**
- * Returns an iterable of all session identifiers in this session context.
- *
- * @return an iterable of all session identifiers in this session context.
- */
- @SuppressWarnings("unchecked")
- public Enumeration getIds();
-
- /**
- * Returns the session for the specified session identifier.
- *
- * @param sessionId
- * the session identifier of the session to look up.
- * @return the session for the specified session identifier, or {@code null}
- * if the specified session identifier does not refer to a session
- * in this context.
- */
- public SSLSession getSession(byte[] sessionId);
-
- /**
- * Returns the size of the session cache for this session context.
- *
- * @return the size of the session cache for this session context, or
- * {@code zero} if unlimited.
- */
- public int getSessionCacheSize();
-
- /**
- * Returns the timeout for sessions in this session context. Sessions
- * exceeding the timeout are invalidated.
- *
- * @return the timeout in seconds, or {@code zero} if unlimited.
- */
- public int getSessionTimeout();
-
- /**
- * Sets the size of the session cache for this session context.
- *
- * @param size
- * the size of the session cache, or {@code zero} for unlimited
- * cache size.
- * @throws IllegalArgumentException
- * if {@code size} is negative.
- */
- public void setSessionCacheSize(int size) throws IllegalArgumentException;
-
- /**
- * Sets the timeout for sessions in this context. Sessions exceeding the
- * timeout are invalidated.
- *
- * @param seconds
- * the timeout in seconds, or {@code zero} if unlimited.
- * @throws IllegalArgumentException
- * if {@code seconds} is negative.
- */
- public void setSessionTimeout(int seconds) throws IllegalArgumentException;
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSocket.java b/x-net/src/main/java/javax/net/ssl/SSLSocket.java
deleted file mode 100644
index 4a70843..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSocket.java
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-/**
- * The extension of {@code Socket} providing secure protocols like SSL (Secure
- * Socket Layer") or TLS (Transport Layer Security).
- */
-public abstract class SSLSocket extends Socket {
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP socket.
- */
- protected SSLSocket() {
- super();
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP socket connection to the specified host at the specified
- * port.
- *
- * @param host
- * the host name to connect to.
- * @param port
- * the port number to connect to.
- * @throws IOException
- * if creating the socket fails.
- * @throws UnknownHostException
- * if the specified host is not known.
- */
- protected SSLSocket(String host, int port) throws IOException, UnknownHostException {
- super(host, port);
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP socket connection to the specified address at the specified
- * port.
- *
- * @param address
- * the address to connect to.
- * @param port
- * the port number to connect to.
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLSocket(InetAddress address, int port) throws IOException {
- super(address, port);
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP socket connection to the specified host at the specified
- * port with the client side bound to the specified address and port.
- *
- * @param host
- * the host name to connect to.
- * @param port
- * the port number to connect to.
- * @param clientAddress
- * the client address to bind to
- * @param clientPort
- * the client port number to bind to.
- * @throws IOException
- * if creating the socket fails.
- * @throws UnknownHostException
- * if the specified host is not known.
- */
- protected SSLSocket(String host, int port, InetAddress clientAddress, int clientPort)
- throws IOException, UnknownHostException {
- super(host, port, clientAddress, clientPort);
- }
-
- /**
- * Only to be used by subclasses.
- * <p>
- * Creates a TCP socket connection to the specified address at the specified
- * port with the client side bound to the specified address and port.
- *
- * @param address
- * the address to connect to.
- * @param port
- * the port number to connect to.
- * @param clientAddress
- * the client address to bind to.
- * @param clientPort
- * the client port number to bind to.
- * @throws IOException
- * if creating the socket fails.
- */
- protected SSLSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort)
- throws IOException {
- super(address, port, clientAddress, clientPort);
- }
-
- /**
- * Returns the names of the supported cipher suites.
- *
- * @return the names of the supported cipher suites.
- */
- public abstract String[] getSupportedCipherSuites();
-
- /**
- * Returns the names of the enabled cipher suites.
- *
- * @return the names of the enabled cipher suites.
- */
- public abstract String[] getEnabledCipherSuites();
-
- /**
- * Sets the names of the cipher suites to be enabled.
- * Only cipher suites returned by {@link #getSupportedCipherSuites()} are
- * allowed.
- *
- * @param suites
- * the names of the to be enabled cipher suites.
- * @throws IllegalArgumentException
- * if one of the cipher suite names is not supported.
- */
- public abstract void setEnabledCipherSuites(String[] suites);
-
- /**
- * Returns the names of the supported protocols.
- *
- * @return the names of the supported protocols.
- */
- public abstract String[] getSupportedProtocols();
-
- /**
- * Returns the names of the enabled protocols.
- *
- * @return the names of the enabled protocols.
- */
- public abstract String[] getEnabledProtocols();
-
- /**
- * Sets the names of the protocols to be enabled. Only
- * protocols returned by {@link #getSupportedProtocols()} are allowed.
- *
- * @param protocols
- * the names of the to be enabled protocols.
- * @throws IllegalArgumentException
- * if one of the protocols is not supported.
- */
- public abstract void setEnabledProtocols(String[] protocols);
-
- /**
- * Returns the {@code SSLSession} for this connection. If necessary, a
- * handshake will be initiated, in which case this method will block until the handshake
- * has been established. If the handshake fails, an invalid session object
- * will be returned.
- *
- * @return the session object.
- */
- public abstract SSLSession getSession();
-
- /**
- * Registers the specified listener to receive notification on completion of a
- * handshake on this connection.
- *
- * @param listener
- * the listener to register.
- * @throws IllegalArgumentException
- * if {@code listener} is {@code null}.
- */
- public abstract void addHandshakeCompletedListener(HandshakeCompletedListener listener);
-
- /**
- * Removes the specified handshake completion listener.
- *
- * @param listener
- * the listener to remove.
- * @throws IllegalArgumentException
- * if the specified listener is not registered or {@code null}.
- */
- public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener listener);
-
- /**
- * Starts a new SSL handshake on this connection.
- *
- * @throws IOException
- * if an error occurs.
- */
- public abstract void startHandshake() throws IOException;
-
- /**
- * Sets whether this connection should act in client mode when handshaking.
- *
- * @param mode
- * {@code true} if this connection should act in client mode,
- * {@code false} if not.
- */
- public abstract void setUseClientMode(boolean mode);
-
- /**
- * Returns whether this connection will act in client mode when handshaking.
- *
- * @return {@code true} if this connections will act in client mode when
- * handshaking, {@code false} if not.
- */
- public abstract boolean getUseClientMode();
-
- /**
- * Sets whether this connection should require client authentication. This
- * is only useful for sockets in server mode. The client authentication is
- * one of the following:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setWantClientAuth(boolean)}.
- *
- * @param need
- * {@code true} if client authentication is required,
- * {@code false} if no authentication is needed.
- */
- public abstract void setNeedClientAuth(boolean need);
-
- /**
- * Returns whether this connection requires client authentication.
- * This is only useful for sockets in server mode.
- *
- * @return {@code true} if client authentication is required, {@code false}
- * if no client authentication is needed.
- */
- public abstract boolean getNeedClientAuth();
-
- /**
- * Sets whether this connections should request client authentication. This
- * is only useful for sockets in server mode.
The client authentication is
- * one of:
- * <ul>
- * <li>authentication required</li>
- * <li>authentication requested</li>
- * <li>no authentication needed</li>
- * </ul>
- * This method overrides the setting of {@link #setNeedClientAuth(boolean)}.
- *
- * @param want
- * {@code true} if client authentication should be requested,
- * {@code false} if not authentication is needed.
- */
- public abstract void setWantClientAuth(boolean want);
-
- /**
- * Returns whether this connections will request client authentication.
- *
- * @return {@code true} is client authentication will be requested,
- * {@code false} if no client authentication is needed.
- */
- public abstract boolean getWantClientAuth();
-
- /**
- * Sets whether new SSL sessions may be created by this socket or if
- * existing sessions must be reused.
- *
- * @param flag
- * {@code true} if new sessions may be created, otherwise
- * {@code false}.
- */
- public abstract void setEnableSessionCreation(boolean flag);
-
- /**
- * Returns whether new SSL sessions may be created by this socket or if
- * existing sessions must be reused.
- *
- * @return {@code true} if new sessions may be created, otherwise
- * {@code false}.
- */
- public abstract boolean getEnableSessionCreation();
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java b/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
deleted file mode 100644
index b75c218..0000000
--- a/x-net/src/main/java/javax/net/ssl/SSLSocketFactory.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.io.IOException;
-import java.net.Socket;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.Security;
-// BEGIN android-added
-import java.util.logging.Level;
-import java.util.logging.Logger;
-// END android-added
-
-import javax.net.SocketFactory;
-
-/**
- * The abstract factory implementation to create {@code SSLSocket}s.
- */
-public abstract class SSLSocketFactory extends SocketFactory {
- // FIXME EXPORT CONTROL
-
- // The default SSL socket factory
- private static SocketFactory defaultSocketFactory;
-
- private static String defaultName;
-
- /**
- * Returns the default {@code SSLSocketFactory} instance. The default is
- * defined by the security property {@code 'ssl.SocketFactory.provider'}.
- *
- * @return the default ssl socket factory instance.
- */
- public static synchronized SocketFactory getDefault() {
- if (defaultSocketFactory != null) {
- // BEGIN android-added
- // log("SSLSocketFactory", "Using factory " + defaultSocketFactory, null);
- // END android-added
- return defaultSocketFactory;
- }
- if (defaultName == null) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- public Void run() {
- defaultName = Security.getProperty("ssl.SocketFactory.provider");
- if (defaultName != null) {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
- if (cl == null) {
- cl = ClassLoader.getSystemClassLoader();
- }
- try {
- final Class<?> sfc = Class.forName(defaultName, true, cl);
- defaultSocketFactory = (SocketFactory) sfc.newInstance();
- } catch (Exception e) {
- // BEGIN android-added
- log("SSLSocketFactory", "Problem creating " + defaultName, e);
- // END android-added
- }
- }
- return null;
- }
- });
- }
-
- if (defaultSocketFactory == null) {
- // Try to find in providers
- SSLContext context = DefaultSSLContext.getContext();
- if (context != null) {
- defaultSocketFactory = context.getSocketFactory();
- }
- }
- if (defaultSocketFactory == null) {
- // Use internal implementation
- defaultSocketFactory = new DefaultSSLSocketFactory("No SSLSocketFactory installed");
- }
- // BEGIN android-added
- // log("SSLSocketFactory", "Using factory " + defaultSocketFactory, null);
- // END android-added
- return defaultSocketFactory;
- }
-
- // BEGIN android-added
- @SuppressWarnings("unchecked")
- private static void log(String tag, String msg, Throwable throwable) {
- Logger.getLogger(tag).log(Level.INFO, msg, throwable);
- }
- // END android-added
-
- /**
- * Creates a new {@code SSLSocketFactory}.
- */
- public SSLSocketFactory() {
- super();
- }
-
- /**
- * Returns the names of the cipher suites that are enabled by default.
- *
- * @return the names of the cipher suites that are enabled by default.
- */
- public abstract String[] getDefaultCipherSuites();
-
- /**
- * Returns the names of the cipher suites that are supported and could be
- * enabled for an SSL connection.
- *
- * @return the names of the cipher suites that are supported.
- */
- public abstract String[] getSupportedCipherSuites();
-
- /**
- * Creates an {@code SSLSocket} over the specified socket that is connected
- * to the specified host at the specified port.
- *
- * @param s
- * the socket.
- * @param host
- * the host.
- * @param port
- * the port number.
- * @param autoClose
- * {@code true} if socket {@code s} should be closed when the
- * created socket is closed, {@code false} if the socket
- * {@code s} should be left open.
- * @return the creates ssl socket.
- * @throws IOException
- * if creating the socket fails.
- * @throws java.net.UnknownHostException
- * if the host is unknown.
- */
- public abstract Socket createSocket(Socket s, String host, int port, boolean autoClose)
- throws IOException;
-}
diff --git a/x-net/src/main/java/javax/net/ssl/TrustManager.java b/x-net/src/main/java/javax/net/ssl/TrustManager.java
deleted file mode 100644
index 9bdb16b..0000000
--- a/x-net/src/main/java/javax/net/ssl/TrustManager.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-/**
- * The marker interface for JSSE trust managers. The purpose is to group trust
- * managers. The responsibility a trust manager is to handle the trust data used to
- * make trust decisions for deciding whether credentials of a peer should be
- * accepted,
- * @see TrustManagerFactory
- */
-public interface TrustManager {
-}
diff --git a/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java b/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java
deleted file mode 100644
index 6d9e4c9..0000000
--- a/x-net/src/main/java/javax/net/ssl/TrustManagerFactory.java
+++ /dev/null
@@ -1,229 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.AccessController;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivilegedAction;
-import java.security.Provider;
-import java.security.Security;
-
-import org.apache.harmony.security.fortress.Engine;
-
-/**
- * The factory for {@code TrustManager}s based on {@code KeyStore} or provider
- * specific implementation.
- */
-public class TrustManagerFactory {
- // Store TrustManager service name
- private static final String SERVICE = "TrustManagerFactory";
-
- // Used to access common engine functionality
- private static Engine engine = new Engine(SERVICE);
-
- // Store default property name
- private static final String PROPERTYNAME = "ssl.TrustManagerFactory.algorithm";
-
- /**
- * Returns the default algorithm name for the {@code TrustManagerFactory}. The
- * default algorithm name is specified by the security property
- * {@code 'ssl.TrustManagerFactory.algorithm'}.
- *
- * @return the default algorithm name.
- */
- public static final String getDefaultAlgorithm() {
- return AccessController.doPrivileged(new PrivilegedAction<String>() {
- public String run() {
- return Security.getProperty(PROPERTYNAME);
- }
- });
- }
-
- /**
- * Creates a new {@code TrustManagerFactory} instance for the specified
- * trust management algorithm.
- *
- * @param algorithm
- * the name of the requested trust management algorithm.
- * @return a trust manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if no installed provider can provide the requested algorithm.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final TrustManagerFactory getInstance(String algorithm)
- throws NoSuchAlgorithmException {
- if (algorithm == null) {
- throw new NullPointerException("algorithm is null");
- }
- synchronized (engine) {
- engine.getInstance(algorithm, null);
- return new TrustManagerFactory((TrustManagerFactorySpi) engine.spi, engine.provider,
- algorithm);
- }
- }
-
- /**
- * Creates a new {@code TrustManagerFactory} instance for the specified
- * trust management algorithm from the specified provider.
- *
- * @param algorithm
- * the name of the requested trust management algorithm name.
- * @param provider
- * the name of the provider that provides the requested
- * algorithm.
- * @return a trust manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provide the requested
- * algorithm.
- * @throws NoSuchProviderException
- * if the specified provider does not exist.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final TrustManagerFactory getInstance(String algorithm, String provider)
- throws NoSuchAlgorithmException, NoSuchProviderException {
- if ((provider == null) || (provider.length() == 0)) {
- throw new IllegalArgumentException("Provider is null oe empty");
- }
- Provider impProvider = Security.getProvider(provider);
- if (impProvider == null) {
- throw new NoSuchProviderException(provider);
- }
- return getInstance(algorithm, impProvider);
- }
-
- /**
- * Creates a new {@code TrustManagerFactory} instance for the specified
- * trust management algorithm from the specified provider.
- *
- * @param algorithm
- * the name of the requested key management algorithm name.
- * @param provider
- * the provider that provides the requested algorithm.
- * @return a key manager factory for the requested algorithm.
- * @throws NoSuchAlgorithmException
- * if the specified provider cannot provide the requested
- * algorithm.
- * @throws NullPointerException
- * if {@code algorithm} is {@code null} (instead of
- * NoSuchAlgorithmException as in 1.4 release)
- */
- public static final TrustManagerFactory getInstance(String algorithm, Provider provider)
- throws NoSuchAlgorithmException {
- if (provider == null) {
- throw new IllegalArgumentException("Provider is null");
- }
- if (algorithm == null) {
- throw new NullPointerException("algorithm is null");
- }
- synchronized (engine) {
- engine.getInstance(algorithm, provider, null);
- return new TrustManagerFactory((TrustManagerFactorySpi) engine.spi, provider, algorithm);
- }
- }
-
- // Store used provider
- private final Provider provider;
-
- // Store used TrustManagerFactorySpi implementation
- private final TrustManagerFactorySpi spiImpl;
-
- // Store used algorithm
- private final String algorithm;
-
- /**
- * Creates a new {@code TrustManagerFactory} instance.
- *
- * @param factorySpi
- * the implementation delegate.
- * @param provider
- * the provider
- * @param algorithm
- * the algorithm name.
- */
- protected TrustManagerFactory(TrustManagerFactorySpi factorySpi, Provider provider,
- String algorithm) {
- this.provider = provider;
- this.algorithm = algorithm;
- this.spiImpl = factorySpi;
- }
-
- /**
- * Returns the name of this {@code TrustManagerFactory} algorithm
- * implementation.
- *
- * @return the name of this {@code TrustManagerFactory} algorithm
- * implementation.
- */
- public final String getAlgorithm() {
- return algorithm;
- }
-
- /**
- * Returns the provider for this {@code TrustManagerFactory} instance.
- *
- * @return the provider for this {@code TrustManagerFactory} instance.
- */
- public final Provider getProvider() {
- return provider;
- }
-
- /**
- * Initializes this factory instance with the specified keystore as source
- * of certificate authorities and trust material.
- *
- * @param ks
- * the keystore or {@code null}.
- * @throws KeyStoreException
- * if the initialization fails.
- */
- public final void init(KeyStore ks) throws KeyStoreException {
- spiImpl.engineInit(ks);
- }
-
- /**
- * Initializes this factory instance with the specified provider-specific
- * parameters for a source of trust material.
- *
- * @param spec
- * the provider-specific parameters.
- * @throws InvalidAlgorithmParameterException
- * if the initialization fails.
- */
- public final void init(ManagerFactoryParameters spec) throws InvalidAlgorithmParameterException {
- spiImpl.engineInit(spec);
- }
-
- /**
- * Returns the list of {@code TrustManager}s with one entry for each type
- * of trust material.
- *
- * @return the list of {@code TrustManager}s
- */
- public final TrustManager[] getTrustManagers() {
- return spiImpl.engineGetTrustManagers();
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java b/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java
deleted file mode 100644
index 1b04c5b..0000000
--- a/x-net/src/main/java/javax/net/ssl/TrustManagerFactorySpi.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-
-/**
- * The <i>Service Provider Interface</i> (SPI) for the
- * {@code TrustManagerFactory} class.
- */
-public abstract class TrustManagerFactorySpi {
-
- /**
- * Creates a new {@code TrustManagerFactorySpi} instance.
- */
- public TrustManagerFactorySpi() {
- super();
- }
-
- /**
- * Initializes this factory instance with the specified keystore as source
- * of certificate authorities and trust material.
- *
- * @param ks
- * the keystore or {@code null}.
- * @throws KeyStoreException
- * if the initialization fails.
- */
- protected abstract void engineInit(KeyStore ks) throws KeyStoreException;
-
- /**
- * Initializes this factory instance with the specified provider-specific
- * parameters for a source of trust material.
- *
- * @param spec
- * the provider-specific parameters.
- * @throws InvalidAlgorithmParameterException
- * if the initialization fails.
- */
- protected abstract void engineInit(ManagerFactoryParameters spec)
- throws InvalidAlgorithmParameterException;
-
- /**
- * Returns the list of {@code TrustManager}s with one entry for each type
- * of trust material.
- *
- * @return the list of {@code TrustManager}s
- */
- protected abstract TrustManager[] engineGetTrustManagers();
-}
diff --git a/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java b/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java
deleted file mode 100644
index 3298d8e..0000000
--- a/x-net/src/main/java/javax/net/ssl/X509ExtendedKeyManager.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.Principal;
-
-/**
- * The abstract extension for the {@code X509KeyManager} interface.
- */
-public abstract class X509ExtendedKeyManager implements X509KeyManager {
-
- /**
- * To be used by subclasses only.
- * <p>
- * Creates a new {@code X509ExtendedKeyManager} instance.
- */
- protected X509ExtendedKeyManager() {
- super();
- }
-
- /**
- * Chooses an alias for the client side of an SSL connection to authenticate
- * it with the specified public key type and certificate issuers.
- *
- * @param keyType
- * the list of public key algorithm names.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @param engine
- * the {@code SSLEngine} for the connection, or {@code null} if
- * no engine is predefined.
- * @return the alias name of a matching key or {@code null} if there are no
- * matches.
- */
- public String chooseEngineClientAlias(String[] keyType,
- Principal[] issuers, SSLEngine engine) {
- return null;
- }
-
- /**
- * Chooses an alias for the server side of an SSL connection to authenticate
- * it with the specified public key type and certificate issuers.
- *
- * @param keyType
- * the list of public key algorithm names.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @param engine
- * the {@code SSLEngine} for the connection, or {@code null} if
- * no engine is predefined.
- * @return the alias name of a matching key or {@code null} if there are no
- * matches.
- */
- public String chooseEngineServerAlias(String keyType, Principal[] issuers,
- SSLEngine engine) {
- return null;
- }
-
-}
diff --git a/x-net/src/main/java/javax/net/ssl/X509KeyManager.java b/x-net/src/main/java/javax/net/ssl/X509KeyManager.java
deleted file mode 100644
index aebc427..0000000
--- a/x-net/src/main/java/javax/net/ssl/X509KeyManager.java
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.net.Socket;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-
-/**
- * A Key Manager for X509 certificate-based key pairs.
- */
-public interface X509KeyManager extends KeyManager {
-
- /**
- * Chooses an alias for the client side of an SSL connection to authenticate
- * it with the specified public key type and certificate issuers.
- *
- * @param keyType
- * the list of public key algorithm names.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @param socket
- * the socket for the connection, or {@code null} if
- * the alias selected does not depend on a specific socket.
- * @return the alias name of a matching key or {@code null} if there are no
- * matches.
- */
- public String chooseClientAlias(String[] keyType, Principal[] issuers,
- Socket socket);
-
- /**
- * Chooses an alias for the server side of an SSL connection to authenticate
- * it with the specified public key type and certificate issuers.
- *
- * @param keyType
- * the list of public key algorithm type names.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @param socket
- * the socket for the connection, or {@code null} if
- * the alias selected does not depend on a specific socket.
- * @return the alias name of a matching key or {@code null} if there are no
- * matches.
- */
- public String chooseServerAlias(String keyType, Principal[] issuers,
- Socket socket);
-
- /**
- * Returns the certificate chain for the specified alias.
- *
- * @param alias
- * the alias to get the certificate chain for.
- * @return the certificate chain for the specified alias, or {@code null} if
- * the alias cannot be found.
- */
- public X509Certificate[] getCertificateChain(String alias);
-
- /**
- * Returns the client aliases for the specified public key type and list of
- * certificate issuers.
- *
- * @param keyType
- * the public key algorithm type name.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @return the client aliases for the specified public key type, or
- * {@code null} if there are no matching aliases.
- */
- public String[] getClientAliases(String keyType, Principal[] issuers);
-
- /**
- * Returns the server aliases for the specified public key type and list of
- * certificate issuers.
- *
- * @param keyType
- * the public key algorithm type name.
- * @param issuers
- * the list of certificate issuers, or {@code null} if any issuer
- * will do.
- * @return the client aliases for the specified public key type, or
- * {@code null} if there are no matching aliases.
- */
- public String[] getServerAliases(String keyType, Principal[] issuers);
-
- /**
- * Returns the private key for the specified alias.
- *
- * @param alias
- * the alias to get the private key for.
- * @return the private key for the specified alias, or {@code null} if the
- * alias cannot be found.
- */
- public PrivateKey getPrivateKey(String alias);
-}
diff --git a/x-net/src/main/java/javax/net/ssl/X509TrustManager.java b/x-net/src/main/java/javax/net/ssl/X509TrustManager.java
deleted file mode 100644
index 7d7827e..0000000
--- a/x-net/src/main/java/javax/net/ssl/X509TrustManager.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package javax.net.ssl;
-
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-/**
- * The trust manager for X509 certificates to be used to perform authentication
- * for secure sockets.
- */
-public interface X509TrustManager extends TrustManager {
-
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for client authentication for the specified
- * authentication type.
- *
- * @param chain
- * the certificate chain to validate.
- * @param authType
- * the authentication type used.
- * @throws CertificateException
- * if the certificate chain can't be validated or isn't trusted.
- * @throws IllegalArgumentException
- * if the specified certificate chain is empty or {@code null},
- * or if the specified authentication type is {@code null} or an
- * empty string.
- */
- public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws CertificateException;
-
-
- /**
- * Checks whether the specified certificate chain (partial or complete) can
- * be validated and is trusted for server authentication for the specified
- * key exchange algorithm.
- *
- * @param chain
- * the certificate chain to validate.
- * @param authType
- * the key exchange algorithm name.
- * @throws CertificateException
- * if the certificate chain can't be validated or isn't trusted.
- * @throws IllegalArgumentException
- * if the specified certificate chain is empty or {@code null},
- * or if the specified authentication type is {@code null} or an
- * empty string.
- */
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException;
-
- /**
- * Returns the list of certificate issuer authorities which are trusted for
- * authentication of peers.
- *
- * @return the list of certificate issuer authorities which are trusted for
- * authentication of peers.
- */
- public X509Certificate[] getAcceptedIssuers();
-}
diff --git a/x-net/src/main/java/javax/net/ssl/package.html b/x-net/src/main/java/javax/net/ssl/package.html
deleted file mode 100644
index 14753c8..0000000
--- a/x-net/src/main/java/javax/net/ssl/package.html
+++ /dev/null
@@ -1,20 +0,0 @@
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
-</head>
-<html>
-<body>
-<p>
-This package provides all the classes and interfaces needed to implement and program the Secure Socket
-abstraction based on the SSL protocol SSSLv3.0 or TLSv1.2.
-All the details of the SSL handshake protocol are accounted for, and a client or a server can specify the cipher
-set to use.
-
-X.509 certificates are verified, and, if desired, the client and the server each have the option of verifying
-the entire certificate chain until the root Certificate Authority is reached.
-
-Android uses code from The Legion of the Bouncy Castle (http://www.bouncycastle.org) and OpenSSL (http://openssl.org).
-
-</p>
-</body>
-</html> |