Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / src / share / classes / javax / net / ssl / SSLContext.java
blob: 70b033ebc3eb3f740fff19cc5b2141d4a9d2c093 [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 1999-2006 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26package javax.net.ssl;
27
28import java.security.*;
29import java.util.*;
30
31import sun.security.jca.GetInstance;
32
33/**
34 * Instances of this class represent a secure socket protocol
35 * implementation which acts as a factory for secure socket
36 * factories or <code>SSLEngine</code>s. This class is initialized
37 * with an optional set of key and trust managers and source of
38 * secure random bytes.
39 *
40 * @since 1.4
41 */
42public class SSLContext {
43 private final Provider provider;
44
45 private final SSLContextSpi contextSpi;
46
47 private final String protocol;
48
49 /**
50 * Creates an SSLContext object.
51 *
52 * @param contextSpi the delegate
53 * @param provider the provider
54 * @param protocol the protocol
55 */
56 protected SSLContext(SSLContextSpi contextSpi, Provider provider,
57 String protocol) {
58 this.contextSpi = contextSpi;
59 this.provider = provider;
60 this.protocol = protocol;
61 }
62
63 private static SSLContext defaultContext;
64
65 /**
66 * Returns the default SSL context.
67 *
68 * <p>If a default context was set using the {@link #setDefault
69 * SSLContext.setDefault()} method, it is returned. Otherwise, the first
70 * call of this method triggers the call
71 * <code>SSLContext.getInstance("Default")</code>.
72 * If successful, that object is made the default SSL context and returned.
73 *
74 * <p>The default context is immediately
75 * usable and does not require {@linkplain #init initialization}.
76 *
77 * @return the default SSL context
78 * @throws NoSuchAlgorithmException if the
79 * {@link SSLContext#getInstance SSLContext.getInstance()} call fails
80 * @since 1.6
81 */
82 public static synchronized SSLContext getDefault()
83 throws NoSuchAlgorithmException {
84 if (defaultContext == null) {
85 defaultContext = SSLContext.getInstance("Default");
86 }
87 return defaultContext;
88 }
89
90 /**
91 * Sets the default SSL context. It will be returned by subsequent calls
92 * to {@link #getDefault}. The default context must be immediately usable
93 * and not require {@linkplain #init initialization}.
94 *
95 * @param context the SSLContext
96 * @throws NullPointerException if context is null
97 * @throws SecurityException if a security manager exists and its
98 * <code>checkPermission</code> method does not allow
99 * <code>SSLPermission("setDefaultSSLContext")</code>
100 * @since 1.6
101 */
102 public static synchronized void setDefault(SSLContext context) {
103 if (context == null) {
104 throw new NullPointerException();
105 }
106 SecurityManager sm = System.getSecurityManager();
107 if (sm != null) {
108 sm.checkPermission(new SSLPermission("setDefaultSSLContext"));
109 }
110 defaultContext = context;
111 }
112
113 /**
114 * Returns a <code>SSLContext</code> object that implements the
115 * specified secure socket protocol.
116 *
117 * <p> This method traverses the list of registered security Providers,
118 * starting with the most preferred Provider.
119 * A new SSLContext object encapsulating the
120 * SSLContextSpi implementation from the first
121 * Provider that supports the specified protocol is returned.
122 *
123 * <p> Note that the list of registered providers may be retrieved via
124 * the {@link Security#getProviders() Security.getProviders()} method.
125 *
126 * @param protocol the standard name of the requested protocol.
127 * See Appendix A in the <a href=
128 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html#AppA">
129 * Java Secure Socket Extension Reference Guide </a>
130 * for information about standard protocol names.
131 *
132 * @return the new <code>SSLContext</code> object.
133 *
134 * @exception NoSuchAlgorithmException if no Provider supports a
135 * TrustManagerFactorySpi implementation for the
136 * specified protocol.
137 *
138 * @see java.security.Provider
139 */
140 public static SSLContext getInstance(String protocol)
141 throws NoSuchAlgorithmException {
142 GetInstance.Instance instance = GetInstance.getInstance
143 ("SSLContext", SSLContextSpi.class, protocol);
144 return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
145 protocol);
146 }
147
148 /**
149 * Returns a <code>SSLContext</code> object that implements the
150 * specified secure socket protocol.
151 *
152 * <p> A new SSLContext object encapsulating the
153 * SSLContextSpi implementation from the specified provider
154 * is returned. The specified provider must be registered
155 * in the security provider list.
156 *
157 * <p> Note that the list of registered providers may be retrieved via
158 * the {@link Security#getProviders() Security.getProviders()} method.
159 *
160 * @param protocol the standard name of the requested protocol.
161 * See Appendix A in the <a href=
162 * "{@docRoot}/../technotes/guides//security/jsse/JSSERefGuide.html#AppA">
163 * Java Secure Socket Extension Reference Guide </a>
164 * for information about standard protocol names.
165 *
166 * @param provider the name of the provider.
167 *
168 * @return the new <code>SSLContext</code> object.
169 *
170 * @throws NoSuchAlgorithmException if a SSLContextSpi
171 * implementation for the specified protocol is not
172 * available from the specified provider.
173 *
174 * @throws NoSuchProviderException if the specified provider is not
175 * registered in the security provider list.
176 *
177 * @throws IllegalArgumentException if the provider name is null or empty.
178 *
179 * @see java.security.Provider
180 */
181 public static SSLContext getInstance(String protocol, String provider)
182 throws NoSuchAlgorithmException, NoSuchProviderException {
183 GetInstance.Instance instance = GetInstance.getInstance
184 ("SSLContext", SSLContextSpi.class, protocol, provider);
185 return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
186 protocol);
187 }
188
189 /**
190 * Returns a <code>SSLContext</code> object that implements the
191 * specified secure socket protocol.
192 *
193 * <p> A new SSLContext object encapsulating the
194 * SSLContextSpi implementation from the specified Provider
195 * object is returned. Note that the specified Provider object
196 * does not have to be registered in the provider list.
197 *
198 * @param protocol the standard name of the requested protocol.
199 * See Appendix A in the <a href=
200 * "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html#AppA">
201 * Java Secure Socket Extension Reference Guide </a>
202 * for information about standard protocol names.
203 *
204 * @param provider an instance of the provider.
205 *
206 * @return the new <code>SSLContext</code> object.
207 *
208 * @throws NoSuchAlgorithmException if a KeyManagerFactorySpi
209 * implementation for the specified protocol is not available
210 * from the specified Provider object.
211 *
212 * @throws IllegalArgumentException if the provider name is null.
213 *
214 * @see java.security.Provider
215 */
216 public static SSLContext getInstance(String protocol, Provider provider)
217 throws NoSuchAlgorithmException {
218 GetInstance.Instance instance = GetInstance.getInstance
219 ("SSLContext", SSLContextSpi.class, protocol, provider);
220 return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
221 protocol);
222 }
223
224 /**
225 * Returns the protocol name of this <code>SSLContext</code> object.
226 *
227 * <p>This is the same name that was specified in one of the
228 * <code>getInstance</code> calls that created this
229 * <code>SSLContext</code> object.
230 *
231 * @return the protocol name of this <code>SSLContext</code> object.
232 */
233 public final String getProtocol() {
234 return this.protocol;
235 }
236
237 /**
238 * Returns the provider of this <code>SSLContext</code> object.
239 *
240 * @return the provider of this <code>SSLContext</code> object
241 */
242 public final Provider getProvider() {
243 return this.provider;
244 }
245
246 /**
247 * Initializes this context. Either of the first two parameters
248 * may be null in which case the installed security providers will
249 * be searched for the highest priority implementation of the
250 * appropriate factory. Likewise, the secure random parameter may
251 * be null in which case the default implementation will be used.
252 * <P>
253 * Only the first instance of a particular key and/or trust manager
254 * implementation type in the array is used. (For example, only
255 * the first javax.net.ssl.X509KeyManager in the array will be used.)
256 *
257 * @param km the sources of authentication keys or null
258 * @param tm the sources of peer authentication trust decisions or null
259 * @param random the source of randomness for this generator or null
260 * @throws KeyManagementException if this operation fails
261 */
262 public final void init(KeyManager[] km, TrustManager[] tm,
263 SecureRandom random)
264 throws KeyManagementException {
265 contextSpi.engineInit(km, tm, random);
266 }
267
268 /**
269 * Returns a <code>SocketFactory</code> object for this
270 * context.
271 *
272 * @return the <code>SocketFactory</code> object
273 * @throws IllegalStateException if the SSLContextImpl requires
274 * initialization and the <code>init()</code> has not been called
275 */
276 public final SSLSocketFactory getSocketFactory() {
277 return contextSpi.engineGetSocketFactory();
278 }
279
280 /**
281 * Returns a <code>ServerSocketFactory</code> object for
282 * this context.
283 *
284 * @return the <code>ServerSocketFactory</code> object
285 * @throws IllegalStateException if the SSLContextImpl requires
286 * initialization and the <code>init()</code> has not been called
287 */
288 public final SSLServerSocketFactory getServerSocketFactory() {
289 return contextSpi.engineGetServerSocketFactory();
290 }
291
292 /**
293 * Creates a new <code>SSLEngine</code> using this context.
294 * <P>
295 * Applications using this factory method are providing no hints
296 * for an internal session reuse strategy. If hints are desired,
297 * {@link #createSSLEngine(String, int)} should be used
298 * instead.
299 * <P>
300 * Some cipher suites (such as Kerberos) require remote hostname
301 * information, in which case this factory method should not be used.
302 *
303 * @return the <code>SSLEngine</code> object
304 * @throws UnsupportedOperationException if the underlying provider
305 * does not implement the operation.
306 * @throws IllegalStateException if the SSLContextImpl requires
307 * initialization and the <code>init()</code> has not been called
308 * @since 1.5
309 */
310 public final SSLEngine createSSLEngine() {
311 try {
312 return contextSpi.engineCreateSSLEngine();
313 } catch (AbstractMethodError e) {
314 UnsupportedOperationException unsup =
315 new UnsupportedOperationException(
316 "Provider: " + getProvider() +
317 " doesn't support this operation");
318 unsup.initCause(e);
319 throw unsup;
320 }
321 }
322
323 /**
324 * Creates a new <code>SSLEngine</code> using this context using
325 * advisory peer information.
326 * <P>
327 * Applications using this factory method are providing hints
328 * for an internal session reuse strategy.
329 * <P>
330 * Some cipher suites (such as Kerberos) require remote hostname
331 * information, in which case peerHost needs to be specified.
332 *
333 * @param peerHost the non-authoritative name of the host
334 * @param peerPort the non-authoritative port
335 * @return the new <code>SSLEngine</code> object
336 * @throws UnsupportedOperationException if the underlying provider
337 * does not implement the operation.
338 * @throws IllegalStateException if the SSLContextImpl requires
339 * initialization and the <code>init()</code> has not been called
340 * @since 1.5
341 */
342 public final SSLEngine createSSLEngine(String peerHost, int peerPort) {
343 try {
344 return contextSpi.engineCreateSSLEngine(peerHost, peerPort);
345 } catch (AbstractMethodError e) {
346 UnsupportedOperationException unsup =
347 new UnsupportedOperationException(
348 "Provider: " + getProvider() +
349 " does not support this operation");
350 unsup.initCause(e);
351 throw unsup;
352 }
353 }
354
355 /**
356 * Returns the server session context, which represents the set of
357 * SSL sessions available for use during the handshake phase of
358 * server-side SSL sockets.
359 * <P>
360 * This context may be unavailable in some environments, in which
361 * case this method returns null. For example, when the underlying
362 * SSL provider does not provide an implementation of SSLSessionContext
363 * interface, this method returns null. A non-null session context
364 * is returned otherwise.
365 *
366 * @return server session context bound to this SSL context
367 */
368 public final SSLSessionContext getServerSessionContext() {
369 return contextSpi.engineGetServerSessionContext();
370 }
371
372 /**
373 * Returns the client session context, which represents the set of
374 * SSL sessions available for use during the handshake phase of
375 * client-side SSL sockets.
376 * <P>
377 * This context may be unavailable in some environments, in which
378 * case this method returns null. For example, when the underlying
379 * SSL provider does not provide an implementation of SSLSessionContext
380 * interface, this method returns null. A non-null session context
381 * is returned otherwise.
382 *
383 * @return client session context bound to this SSL context
384 */
385 public final SSLSessionContext getClientSessionContext() {
386 return contextSpi.engineGetClientSessionContext();
387 }
388
389 /**
390 * Returns a copy of the SSLParameters indicating the default
391 * settings for this SSL context.
392 *
393 * <p>The parameters will always have the ciphersuites and protocols
394 * arrays set to non-null values.
395 *
396 * @return a copy of the SSLParameters object with the default settings
397 * @throws UnsupportedOperationException if the default SSL parameters
398 * could not be obtained.
399 * @since 1.6
400 */
401 public final SSLParameters getDefaultSSLParameters() {
402 return contextSpi.engineGetDefaultSSLParameters();
403 }
404
405 /**
406 * Returns a copy of the SSLParameters indicating the supported
407 * settings for this SSL context.
408 *
409 * <p>The parameters will always have the ciphersuites and protocols
410 * arrays set to non-null values.
411 *
412 * @return a copy of the SSLParameters object with the supported
413 * settings
414 * @throws UnsupportedOperationException if the supported SSL parameters
415 * could not be obtained.
416 * @since 1.6
417 */
418 public final SSLParameters getSupportedSSLParameters() {
419 return contextSpi.engineGetSupportedSSLParameters();
420 }
421
422}