| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | * contributor license agreements. See the NOTICE file distributed with |
| 4 | * this work for additional information regarding copyright ownership. |
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | * (the "License"); you may not use this file except in compliance with |
| 7 | * the License. You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | */ |
| 17 | |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 18 | package org.apache.harmony.xnet.provider.jsse; |
| 19 | |
| 20 | import java.security.AccessController; |
| Jesse Wilson | f921579 | 2009-08-25 16:30:17 -0700 | [diff] [blame] | 21 | import java.security.PrivilegedAction; |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 22 | import java.security.Provider; |
| 23 | |
| 24 | /** |
| 25 | * JSSE Provider implementation. |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 26 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 27 | * This implementation is based on TLS v 1.0 and SSL v3 protocol specifications. |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 28 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 29 | * <ul> |
| 30 | * <li><a href="http://www.ietf.org/rfc/rfc2246.txt">TLS v 1.0 Protocol |
| 31 | * specification</a></li> |
| 32 | * <li><a href="http://wp.netscape.com/eng/ssl3">SSL v3 Protocol |
| 33 | * specification</a></li> |
| 34 | * </ul> |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 35 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 36 | * Provider implementation supports the following cipher suites: |
| 37 | * TLS_NULL_WITH_NULL_NULL |
| 38 | * TLS_RSA_WITH_NULL_MD5 |
| 39 | * TLS_RSA_WITH_NULL_SHA |
| 40 | * TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| 41 | * TLS_RSA_WITH_RC4_128_MD5 |
| 42 | * TLS_RSA_WITH_RC4_128_SHA |
| 43 | * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
| 44 | * TLS_RSA_WITH_IDEA_CBC_SHA |
| 45 | * TLS_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 46 | * TLS_RSA_WITH_DES_CBC_SHA |
| 47 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA |
| 48 | * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA |
| 49 | * TLS_DH_DSS_WITH_DES_CBC_SHA |
| 50 | * TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| 51 | * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 52 | * TLS_DH_RSA_WITH_DES_CBC_SHA |
| 53 | * TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| 54 | * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA |
| 55 | * TLS_DHE_DSS_WITH_DES_CBC_SHA |
| 56 | * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| 57 | * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 58 | * TLS_DHE_RSA_WITH_DES_CBC_SHA |
| 59 | * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| 60 | * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 |
| 61 | * TLS_DH_anon_WITH_RC4_128_MD5 |
| 62 | * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA |
| 63 | * TLS_DH_anon_WITH_DES_CBC_SHA |
| 64 | * TLS_DH_anon_WITH_3DES_EDE_CBC_SHA |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 65 | * |
| 66 | * The real set of available cipher suites depends on set of available |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 67 | * crypto algorithms. These algorithms must be provided by some crypto |
| 68 | * provider. |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 69 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 70 | * The following cipher algorithms are used by different cipher suites: |
| 71 | * IDEA/CBC/NoPadding |
| 72 | * RC2/CBC/NoPadding |
| 73 | * RC4 |
| 74 | * DES/CBC/NoPadding |
| 75 | * DES/CBC/NoPadding |
| 76 | * DESede/CBC/NoPadding |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 77 | * |
| 78 | * Also the current JSSE provider implementation uses the following |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 79 | * crypto algorithms: |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 80 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 81 | * Algorithms that MUST be provided by crypto provider: |
| 82 | * Mac HmacMD5 |
| 83 | * Mac HmacSHA1 |
| 84 | * MessageDigest MD5 |
| 85 | * MessageDigest SHA-1 |
| 86 | * CertificateFactory X509 |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 87 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 88 | * The cipher suites with RSA key exchange may also require: |
| 89 | * Cipher RSA |
| 90 | * KeyPairGenerator RSA |
| 91 | * KeyFactory RSA |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 92 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 93 | * The cipher suites with DH key exchange may also require: |
| 94 | * Signature NONEwithDSA |
| 95 | * KeyPairGenerator DiffieHellman or DH |
| 96 | * KeyFactory DiffieHellman or DH |
| 97 | * KeyAgreement DiffieHellman or DH |
| 98 | * KeyPairGenerator DiffieHellman or DH |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 99 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 100 | * Trust manager implementation requires: |
| 101 | * CertPathValidator PKIX |
| 102 | * CertificateFactory X509 |
| Elliott Hughes | f33eae7 | 2010-05-13 12:36:25 -0700 | [diff] [blame] | 103 | * |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 104 | */ |
| 105 | public final class JSSEProvider extends Provider { |
| 106 | |
| Jesse Wilson | f921579 | 2009-08-25 16:30:17 -0700 | [diff] [blame] | 107 | private static final long serialVersionUID = 3075686092260669675L; |
| 108 | |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 109 | public JSSEProvider() { |
| 110 | super("HarmonyJSSE", 1.0, "Harmony JSSE Provider"); |
| Jesse Wilson | f921579 | 2009-08-25 16:30:17 -0700 | [diff] [blame] | 111 | AccessController.doPrivileged(new PrivilegedAction<Void>() { |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 112 | public Void run() { |
| Jesse Wilson | f921579 | 2009-08-25 16:30:17 -0700 | [diff] [blame] | 113 | put("SSLContext.TLS", SSLContextImpl.class.getName()); |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 114 | put("Alg.Alias.SSLContext.TLSv1", "TLS"); |
| Jesse Wilson | f921579 | 2009-08-25 16:30:17 -0700 | [diff] [blame] | 115 | put("KeyManagerFactory.X509", KeyManagerFactoryImpl.class.getName()); |
| 116 | put("TrustManagerFactory.X509", TrustManagerFactoryImpl.class.getName()); |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 117 | // BEGIN android-added |
| Brian Carlstrom | 0c131a2 | 2010-05-20 15:27:31 -0700 | [diff] [blame] | 118 | put("SSLContext.Default", DefaultSSLContextImpl.class.getName()); |
| Brian Carlstrom | ecaf759 | 2010-03-02 16:55:35 -0800 | [diff] [blame] | 119 | put("SSLContext.SSL", SSLContextImpl.class.getName()); |
| 120 | put("Alg.Alias.SSLContext.SSLv3", "SSL"); |
| The Android Open Source Project | adc854b | 2009-03-03 19:28:47 -0800 | [diff] [blame] | 121 | // END android-added |
| 122 | return null; |
| 123 | } |
| 124 | }); |
| 125 | } |
| 126 | } |