151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage javax.net.ssl; 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.*; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.net.*; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This class extends <code>ServerSocket</code>s and 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * provides secure server sockets using protocols such as the Secure 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Instances of this class are generally created using a 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLServerSocketFactory</code>. The primary function 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * of <code>SSLServerSocket</code>s 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is to create <code>SSLSocket</code>s by <code>accept</code>ing 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * connections. 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLServerSocket</code>s contain several pieces of state data 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * which are inherited by the <code>SSLSocket</code> at 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * socket creation. These include the enabled cipher 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * suites and protocols, whether client 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication is necessary, and whether created sockets should 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * begin handshaking in client or server mode. The state 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherited by the created <code>SSLSocket</code> can be 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * overriden by calling the appropriate methods. 5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see java.net.ServerSocket 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see SSLSocket 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author David Brownell 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic abstract class SSLServerSocket extends ServerSocket { 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Used only by subclasses. 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create an unbound TCP server socket using the default authentication 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * context. 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IOException if an I/O error occurs when creating the socket 6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected SSLServerSocket() 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { super(); } 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Used only by subclasses. 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create a TCP server socket on a port, using the default 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication context. The connection backlog defaults to 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * fifty connections queued up before the system starts to 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * reject new connection requests. 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A port number of <code>0</code> creates a socket on any free port. 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If there is a security manager, its <code>checkListen</code> 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called with the <code>port</code> argument as its 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * argument to ensure the operation is allowed. This could result 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in a SecurityException. 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param port the port on which to listen 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IOException if an I/O error occurs when creating the socket 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SecurityException if a security manager exists and its 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>checkListen</code> method doesn't allow the operation. 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the port parameter is outside the 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified range of valid port values, which is between 0 and 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 65535, inclusive. 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see SecurityManager#checkListen 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected SSLServerSocket(int port) 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { super(port); } 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Used only by subclasses. 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create a TCP server socket on a port, using the default 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication context and a specified backlog of connections. 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A port number of <code>0</code> creates a socket on any free port. 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The <code>backlog</code> argument is the requested maximum number of 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * pending connections on the socket. Its exact semantics are implementation 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specific. In particular, an implementation may impose a maximum length 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or may choose to ignore the parameter altogther. The value provided 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * should be greater than <code>0</code>. If it is less than or equal to 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>0</code>, then an implementation specific default will be used. 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If there is a security manager, its <code>checkListen</code> 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called with the <code>port</code> argument as its 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * argument to ensure the operation is allowed. This could result 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in a SecurityException. 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param port the port on which to listen 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param backlog requested maximum length of the queue of incoming 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * connections. 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IOException if an I/O error occurs when creating the socket 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SecurityException if a security manager exists and its 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>checkListen</code> method doesn't allow the operation. 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the port parameter is outside the 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified range of valid port values, which is between 0 and 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 65535, inclusive. 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see SecurityManager#checkListen 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected SSLServerSocket(int port, int backlog) 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { super(port, backlog); } 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Used only by subclasses. 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Create a TCP server socket on a port, using the default 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication context and a specified backlog of connections 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * as well as a particular specified network interface. This 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * constructor is used on multihomed hosts, such as those used 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for firewalls or as routers, to control through which interface 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * a network service is provided. 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If there is a security manager, its <code>checkListen</code> 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method is called with the <code>port</code> argument as its 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * argument to ensure the operation is allowed. This could result 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in a SecurityException. 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A port number of <code>0</code> creates a socket on any free port. 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The <code>backlog</code> argument is the requested maximum number of 15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * pending connections on the socket. Its exact semantics are implementation 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specific. In particular, an implementation may impose a maximum length 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or may choose to ignore the parameter altogther. The value provided 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * should be greater than <code>0</code>. If it is less than or equal to 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>0</code>, then an implementation specific default will be used. 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If <i>address</i> is null, it will default accepting connections 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * on any/all local addresses. 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param port the port on which to listen 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param backlog requested maximum length of the queue of incoming 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * connections. 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param address the address of the network interface through 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * which connections will be accepted 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IOException if an I/O error occurs when creating the socket 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws SecurityException if a security manager exists and its 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>checkListen</code> method doesn't allow the operation. 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the port parameter is outside the 17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * specified range of valid port values, which is between 0 and 17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 65535, inclusive. 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see SecurityManager#checkListen 17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski protected SSLServerSocket(int port, int backlog, InetAddress address) 18051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws IOException 18151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { super(port, backlog, address); } 18251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 18551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 18651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the list of cipher suites which are currently enabled 18751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for use by newly accepted connections. 18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 18951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * If this list has not been explicitly modified, a system-provided 19051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * default guarantees a minimum quality of service in all enabled 19151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * cipher suites. 19251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 19351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * There are several reasons why an enabled cipher suite might 19451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * not actually be used. For example: the server socket might 19551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * not have appropriate private keys available to it or the cipher 19651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * suite might be anonymous, precluding the use of client authentication, 19751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * while the server socket has been told to require that sort of 19851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication. 19951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 20051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an array of cipher suites enabled 20151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSupportedCipherSuites() 20251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setEnabledCipherSuites(String []) 20351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 20451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String [] getEnabledCipherSuites(); 20551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 20651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 20751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Sets the cipher suites enabled for use by accepted connections. 20951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 21051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The cipher suites must have been listed by getSupportedCipherSuites() 21151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * as being supported. Following a successful call to this method, 21251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * only suites listed in the <code>suites</code> parameter are enabled 21351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for use. 21451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 21551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Suites that require authentication information which is not available 21651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in this ServerSocket's authentication context will not be used 21751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in any case, even if they are enabled. 21851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 21951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocket</code>s returned from <code>accept()</code> 22051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherit this setting. 22151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 22251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param suites Names of all the cipher suites to enable 22351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IllegalArgumentException when one or more of ciphers 22451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * named by the parameter is not supported, or when 22551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the parameter is null. 22651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSupportedCipherSuites() 22751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getEnabledCipherSuites() 22851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 22951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setEnabledCipherSuites(String suites []); 23051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 23151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 23251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 23351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the names of the cipher suites which could be enabled for use 23451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * on an SSL connection. 23551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 23651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Normally, only a subset of these will actually 23751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * be enabled by default, since this list may include cipher suites which 23851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * do not meet quality of service requirements for those defaults. Such 23951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * cipher suites are useful in specialized applications. 24051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 24151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an array of cipher suite names 24251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getEnabledCipherSuites() 24351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setEnabledCipherSuites(String []) 24451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 24551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String [] getSupportedCipherSuites(); 24651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 24751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 24851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 24951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the names of the protocols which could be enabled for use. 25051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 25151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an array of protocol names supported 25251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getEnabledProtocols() 25351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setEnabledProtocols(String []) 25451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 25551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String [] getSupportedProtocols(); 25651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 25751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 25951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the names of the protocols which are currently 26051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * enabled for use by the newly accepted connections. 26151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 26251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return an array of protocol names 26351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSupportedProtocols() 26451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setEnabledProtocols(String []) 26551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 26651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String [] getEnabledProtocols(); 26751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 26851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 26951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 27051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Controls which particular protocols are enabled for use by 27151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accepted connections. 27251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 27351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The protocols must have been listed by 27451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * getSupportedProtocols() as being supported. 27551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Following a successful call to this method, only protocols listed 27651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in the <code>protocols</code> parameter are enabled for use. 27751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 27851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocket</code>s returned from <code>accept()</code> 27951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherit this setting. 28051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 28151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param protocols Names of all the protocols to enable. 28251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception IllegalArgumentException when one or more of 28351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the protocols named by the parameter is not supported or 28451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * when the protocols parameter is null. 28551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getEnabledProtocols() 28651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSupportedProtocols() 28751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 28851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setEnabledProtocols(String protocols[]); 28951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 29051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 29151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 29251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Controls whether <code>accept</code>ed server-mode 29351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSockets</code> will be initially configured to 29451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <i>require</i> client authentication. 29551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 29651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A socket's client authentication setting is one of the following: 29751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <ul> 29851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> client authentication required 29951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> client authentication requested 30051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> no client authentication desired 30151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </ul> 30251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 30351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Unlike {@link #setWantClientAuth(boolean)}, if the accepted 30451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * socket's option is set and the client chooses not to provide 30551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication information about itself, <i>the negotiations 30651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * will stop and the connection will be dropped</i>. 30751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 30851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Calling this method overrides any previous setting made by 30951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * this method or {@link #setWantClientAuth(boolean)}. 31051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 31151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The initial inherited setting may be overridden by calling 31251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setNeedClientAuth(boolean)} or 31351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setWantClientAuth(boolean)}. 31451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 31551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param need set to true if client authentication is required, 31651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or false if no client authentication is desired. 31751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getNeedClientAuth() 31851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setWantClientAuth(boolean) 31951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getWantClientAuth() 32051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setUseClientMode(boolean) 32151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 32251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setNeedClientAuth(boolean need); 32351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 32451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 32551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 32651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns true if client authentication will be <i>required</i> on 32751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * newly <code>accept</code>ed server-mode <code>SSLSocket</code>s. 32851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 32951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The initial inherited setting may be overridden by calling 33051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setNeedClientAuth(boolean)} or 33151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setWantClientAuth(boolean)}. 33251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 33351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if client authentication is required, 33451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or false if no client authentication is desired. 33551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setNeedClientAuth(boolean) 33651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setWantClientAuth(boolean) 33751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getWantClientAuth() 33851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setUseClientMode(boolean) 33951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 34051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract boolean getNeedClientAuth(); 34151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 34251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 34351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 34451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Controls whether <code>accept</code>ed server-mode 34551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSockets</code> will be initially configured to 34651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <i>request</i> client authentication. 34751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 34851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * A socket's client authentication setting is one of the following: 34951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <ul> 35051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> client authentication required 35151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> client authentication requested 35251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li> no client authentication desired 35351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </ul> 35451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 35551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Unlike {@link #setNeedClientAuth(boolean)}, if the accepted 35651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * socket's option is set and the client chooses not to provide 35751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * authentication information about itself, <i>the negotiations 35851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * will continue</i>. 35951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 36051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Calling this method overrides any previous setting made by 36151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * this method or {@link #setNeedClientAuth(boolean)}. 36251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 36351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The initial inherited setting may be overridden by calling 36451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setNeedClientAuth(boolean)} or 36551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setWantClientAuth(boolean)}. 36651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 36751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param want set to true if client authentication is requested, 36851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or false if no client authentication is desired. 36951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getWantClientAuth() 37051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setNeedClientAuth(boolean) 37151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getNeedClientAuth() 37251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setUseClientMode(boolean) 37351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 37451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setWantClientAuth(boolean want); 37551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 37651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 37751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 37851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns true if client authentication will be <i>requested</i> on 37951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * newly accepted server-mode connections. 38051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 38151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The initial inherited setting may be overridden by calling 38251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setNeedClientAuth(boolean)} or 38351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link SSLSocket#setWantClientAuth(boolean)}. 38451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 38551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if client authentication is requested, 38651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or false if no client authentication is desired. 38751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setWantClientAuth(boolean) 38851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setNeedClientAuth(boolean) 38951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getNeedClientAuth() 39051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setUseClientMode(boolean) 39151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 39251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract boolean getWantClientAuth(); 39351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 39451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 39551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 39651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Controls whether accepted connections are in the (default) SSL 39751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * server mode, or the SSL client mode. 39851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 39951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Servers normally authenticate themselves, and clients are not 40051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * required to do so. 40151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 40251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * In rare cases, TCP servers 40351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * need to act in the SSL client mode on newly accepted 40451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * connections. For example, FTP clients acquire server sockets 40551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * and listen there for reverse connections from the server. An 40651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FTP client would use an SSLServerSocket in "client" mode to 40751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accept the reverse connection while the FTP server uses an 40851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * SSLSocket with "client" mode disabled to initiate the 40951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * connection. During the resulting handshake, existing SSL 41051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sessions may be reused. 41151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 41251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocket</code>s returned from <code>accept()</code> 41351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherit this setting. 41451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 41551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param mode true if newly accepted connections should use SSL 41651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * client mode. 41751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getUseClientMode() 41851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 41951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setUseClientMode(boolean mode); 42051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 42151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 42251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 42351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns true if accepted connections will be in SSL client mode. 42451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 42551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setUseClientMode(boolean) 42651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the connection should use SSL client mode. 42751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 42851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract boolean getUseClientMode(); 42951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 43051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 43151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 43251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Controls whether new SSL sessions may be established by the 43351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sockets which are created from this server socket. 43451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <P> 43551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>SSLSocket</code>s returned from <code>accept()</code> 43651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inherit this setting. 43751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 43851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param flag true indicates that sessions may be created; this 43951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is the default. false indicates that an existing session 44051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * must be resumed. 44151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getEnableSessionCreation() 44251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 44351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void setEnableSessionCreation(boolean flag); 44451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 44551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 44651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 44751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns true if new SSL sessions may be established by the 44851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sockets which are created from this server socket. 44951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 45051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true indicates that sessions may be created; this 45151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is the default. false indicates that an existing 45251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * session must be resumed 45351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setEnableSessionCreation(boolean) 45451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 45551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract boolean getEnableSessionCreation(); 45651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 45751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 45851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the SSLParameters in effect for newly accepted connections. 45951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The ciphersuites and protocols of the returned SSLParameters 46051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * are always non-null. 46151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 46251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the SSLParameters in effect for newly accepted connections 46351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 46451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #setSSLParameters(SSLParameters) 46551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 46651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.7 46751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 46851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public SSLParameters getSSLParameters() { 46951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SSLParameters parameters = new SSLParameters(); 47051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 47151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski parameters.setCipherSuites(getEnabledCipherSuites()); 47251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski parameters.setProtocols(getEnabledProtocols()); 47351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (getNeedClientAuth()) { 47451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski parameters.setNeedClientAuth(true); 47551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (getWantClientAuth()) { 47651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski parameters.setWantClientAuth(true); 47751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 47851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 47951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return parameters; 48051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 48151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 48251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 48351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Applies SSLParameters to newly accepted connections. 48451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 48551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>This means: 48651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <ul> 48751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li>if <code>params.getCipherSuites()</code> is non-null, 48851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>setEnabledCipherSuites()</code> is called with that value 48951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li>if <code>params.getProtocols()</code> is non-null, 49051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>setEnabledProtocols()</code> is called with that value 49151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <li>if <code>params.getNeedClientAuth()</code> or 49251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>params.getWantClientAuth()</code> return <code>true</code>, 49351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>setNeedClientAuth(true)</code> and 49451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <code>setWantClientAuth(true)</code> are called, respectively; 49551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * otherwise <code>setWantClientAuth(false)</code> is called. 49651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </ul> 49751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 49851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param params the parameters 49951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @throws IllegalArgumentException if the setEnabledCipherSuites() or 50051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the setEnabledProtocols() call fails 50151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 50251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see #getSSLParameters() 50351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 50451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.7 50551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 50651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public void setSSLParameters(SSLParameters params) { 50751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski String[] s; 50851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s = params.getCipherSuites(); 50951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (s != null) { 51051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski setEnabledCipherSuites(s); 51151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 51251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 51351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski s = params.getProtocols(); 51451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (s != null) { 51551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski setEnabledProtocols(s); 51651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 51751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 51851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (params.getNeedClientAuth()) { 51951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski setNeedClientAuth(true); 52051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else if (params.getWantClientAuth()) { 52151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski setWantClientAuth(true); 52251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } else { 52351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski setWantClientAuth(false); 52451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 52551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 52651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 52751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 528