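/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package javax.net.ssl;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.SecureRandom;

/**
 * The <i>Service Provider Interface</i> (SPI) for the {@code SSLContext} class.
 */
public abstract class SSLContextSpi {

    /**
     * Creates a new {@code SSLContextSpi} instance.
     */
    public SSLContextSpi() {
    }

    /**
     * Initializes this {@code SSLContext} instance. All of the arguments are
     * optional, and the security providers will be searched for the required
     * implementations of the needed algorithms.
     *
     * @param km
     *            the key sources or {@code null}.
     * @param tm
     *            the trust decision sources or {@code null}.
     * @param sr
     *            the randomness source or {@code null}.
     * @throws KeyManagementException
     *             if initializing this instance fails.
     */
    protected abstract void engineInit(KeyManager[] km, TrustManager[] tm, SecureRandom sr)
            throws KeyManagementException;

    /**
     * Returns a socket factory for this instance.
     *
     * @return a socket factory for this instance.
     */
    protected abstract SSLSocketFactory engineGetSocketFactory();

    /**
     * Returns a server socket factory for this instance.
     *
     * @return a server socket factory for this instance.
     */
    protected abstract SSLServerSocketFactory engineGetServerSocketFactory();

    /**
     * Creates an {@code SSLEngine} instance from this context with the
     * specified hostname and port.
     *
     * @param host
     *            the name of the host
     * @param port
     *            the port
     * @return an {@code SSLEngine} instance from this context.
     * @throws UnsupportedOperationException
     *             if the provider does not support the operation.
     */
    protected abstract SSLEngine engineCreateSSLEngine(String host, int port);

    /**
     * Creates an {@code SSLEngine} instance from this context.
     *
     * @return an {@code SSLEngine} instance from this context.
     * @throws UnsupportedOperationException
     *             if the provider does not support the operation.
     */
    protected abstract SSLEngine engineCreateSSLEngine();

    /**
     * Returns the SSL session context that encapsulates the set of SSL sessions
     * that can be used for the server side of the SSL handshake.
     *
     * @return the SSL server session context for this context or {@code null}
     *         if the underlying provider does not provide an implementation of
     *         the {@code SSLSessionContext} interface.
     */
    protected abstract SSLSessionContext engineGetServerSessionContext();

    /**
     * Returns the SSL session context that encapsulates the set of SSL sessions
     * that can be used for the client side of the SSL handshake.
     *
     * @return the SSL client session context for this context or {@code null}
     *         if the underlying provider does not provide an implementation of
     *         the {@code SSLSessionContext} interface.
     */
    protected abstract SSLSessionContext engineGetClientSessionContext();

    /**
     * Returns a new SSLParameters instance that includes the default
     * SSL handshake parameters values including cipher suites,
     * protocols, and client authentication.
     *
     * <p>The default implementation returns an SSLParameters with values
     * based on an SSLSocket created from this instance's SocketFactory, using
     * the cipher suites and protocols that socket reports as <i>enabled</i>.
     *
     * @return the parameters a socket from this context uses by default.
     * @throws UnsupportedOperationException
     *             if the parameters could not be read from the socket factory.
     * @since 1.6
     */
    protected javax.net.ssl.SSLParameters engineGetDefaultSSLParameters() {
        return createSSLParameters(false);
    }

    /**
     * Returns a new SSLParameters instance that includes all
     * supported cipher suites and protocols.
     *
     * <p>The default implementation returns an SSLParameters with values
     * based on an SSLSocket created from this instance's SocketFactory, using
     * the cipher suites and protocols that socket reports as <i>supported</i>.
     *
     * <p>The supported set is a capability listing, not a recommended
     * configuration: it may include cipher suites or protocol versions that
     * the provider leaves disabled by default. Callers that want the
     * provider's vetted configuration should start from
     * {@link #engineGetDefaultSSLParameters()} instead of enabling this set
     * wholesale.
     *
     * @return the parameters describing everything the provider can negotiate.
     * @throws UnsupportedOperationException
     *             if the parameters could not be read from the socket factory.
     * @since 1.6
     */
    protected javax.net.ssl.SSLParameters engineGetSupportedSSLParameters() {
        return createSSLParameters(true);
    }

    /**
     * Builds an SSLParameters snapshot by querying a throwaway socket obtained
     * from {@link #engineGetSocketFactory()}.
     *
     * @param supported
     *            {@code true} to copy the supported cipher suites and
     *            protocols, {@code false} to copy the enabled ones.
     * @return a new SSLParameters carrying the selected cipher suites and
     *         protocols plus the socket's client-authentication flags.
     * @throws UnsupportedOperationException
     *             if the socket factory fails with an {@code IOException}.
     */
    private javax.net.ssl.SSLParameters createSSLParameters(boolean supported) {
        SSLSocket s = null;
        try {
            s = (SSLSocket) engineGetSocketFactory().createSocket();
            javax.net.ssl.SSLParameters p = new javax.net.ssl.SSLParameters();
            String[] cipherSuites;
            String[] protocols;
            if (supported) {
                cipherSuites = s.getSupportedCipherSuites();
                protocols = s.getSupportedProtocols();
            } else {
                cipherSuites = s.getEnabledCipherSuites();
                protocols = s.getEnabledProtocols();
            }
            p.setCipherSuites(cipherSuites);
            p.setProtocols(protocols);
            p.setNeedClientAuth(s.getNeedClientAuth());
            p.setWantClientAuth(s.getWantClientAuth());
            return p;
        } catch (IOException e) {
            /*
             * SSLContext.getDefaultSSLParameters specifies to throw
             * UnsupportedOperationException if there is a problem getting the
             * parameters. The IOException is kept as the cause so the
             * underlying provider failure stays diagnosable; the message text
             * is unchanged and is used for both the default and the supported
             * lookup.
             */
            throw new UnsupportedOperationException(
                    "Could not access supported SSL parameters", e);
        } finally {
            // The socket exists only to be queried; release it instead of
            // leaving its resources to finalization.
            if (s != null) {
                try {
                    s.close();
                } catch (IOException ignored) {
                    // Best-effort cleanup of a never-connected socket; the
                    // parameters (or the failure above) are what matter.
                }
            }
        }
    }
}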