1 /* |
1 /* |
2 * Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
30 import sun.security.jca.GetInstance; |
30 import sun.security.jca.GetInstance; |
31 |
31 |
32 /** |
32 /** |
33 * Instances of this class represent a secure socket protocol |
33 * Instances of this class represent a secure socket protocol |
34 * implementation which acts as a factory for secure socket |
34 * implementation which acts as a factory for secure socket |
35 * factories or <code>SSLEngine</code>s. This class is initialized |
35 * factories or {@code SSLEngine}s. This class is initialized |
36 * with an optional set of key and trust managers and source of |
36 * with an optional set of key and trust managers and source of |
37 * secure random bytes. |
37 * secure random bytes. |
38 * |
38 * |
39 * <p> Every implementation of the Java platform is required to support the |
39 * <p> Every implementation of the Java platform is required to support the |
40 * following standard <code>SSLContext</code> protocol: |
40 * following standard {@code SSLContext} protocol: |
41 * <ul> |
41 * <ul> |
42 * <li><tt>TLSv1</tt></li> |
42 * <li><tt>TLSv1</tt></li> |
43 * </ul> |
43 * </ul> |
44 * This protocol is described in the <a href= |
44 * This protocol is described in the <a href= |
45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext"> |
45 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext"> |
77 * Returns the default SSL context. |
77 * Returns the default SSL context. |
78 * |
78 * |
79 * <p>If a default context was set using the {@link #setDefault |
79 * <p>If a default context was set using the {@link #setDefault |
80 * SSLContext.setDefault()} method, it is returned. Otherwise, the first |
80 * SSLContext.setDefault()} method, it is returned. Otherwise, the first |
81 * call of this method triggers the call |
81 * call of this method triggers the call |
82 * <code>SSLContext.getInstance("Default")</code>. |
82 * {@code SSLContext.getInstance("Default")}. |
83 * If successful, that object is made the default SSL context and returned. |
83 * If successful, that object is made the default SSL context and returned. |
84 * |
84 * |
85 * <p>The default context is immediately |
85 * <p>The default context is immediately |
86 * usable and does not require {@linkplain #init initialization}. |
86 * usable and does not require {@linkplain #init initialization}. |
87 * |
87 * |
104 * and not require {@linkplain #init initialization}. |
104 * and not require {@linkplain #init initialization}. |
105 * |
105 * |
106 * @param context the SSLContext |
106 * @param context the SSLContext |
107 * @throws NullPointerException if context is null |
107 * @throws NullPointerException if context is null |
108 * @throws SecurityException if a security manager exists and its |
108 * @throws SecurityException if a security manager exists and its |
109 * <code>checkPermission</code> method does not allow |
109 * {@code checkPermission} method does not allow |
110 * <code>SSLPermission("setDefaultSSLContext")</code> |
110 * {@code SSLPermission("setDefaultSSLContext")} |
111 * @since 1.6 |
111 * @since 1.6 |
112 */ |
112 */ |
113 public static synchronized void setDefault(SSLContext context) { |
113 public static synchronized void setDefault(SSLContext context) { |
114 if (context == null) { |
114 if (context == null) { |
115 throw new NullPointerException(); |
115 throw new NullPointerException(); |
139 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext"> |
139 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext"> |
140 * Java Cryptography Architecture Standard Algorithm Name |
140 * Java Cryptography Architecture Standard Algorithm Name |
141 * Documentation</a> |
141 * Documentation</a> |
142 * for information about standard protocol names. |
142 * for information about standard protocol names. |
143 * |
143 * |
144 * @return the new <code>SSLContext</code> object. |
144 * @return the new {@code SSLContext} object. |
145 * |
145 * |
146 * @exception NoSuchAlgorithmException if no Provider supports a |
146 * @exception NoSuchAlgorithmException if no Provider supports a |
147 * SSLContextSpi implementation for the |
147 * SSLContextSpi implementation for the |
148 * specified protocol. |
148 * specified protocol. |
149 * @exception NullPointerException if protocol is null. |
149 * @exception NullPointerException if protocol is null. |
157 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
157 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
158 protocol); |
158 protocol); |
159 } |
159 } |
160 |
160 |
161 /** |
161 /** |
162 * Returns a <code>SSLContext</code> object that implements the |
162 * Returns a {@code SSLContext} object that implements the |
163 * specified secure socket protocol. |
163 * specified secure socket protocol. |
164 * |
164 * |
165 * <p> A new SSLContext object encapsulating the |
165 * <p> A new SSLContext object encapsulating the |
166 * SSLContextSpi implementation from the specified provider |
166 * SSLContextSpi implementation from the specified provider |
167 * is returned. The specified provider must be registered |
167 * is returned. The specified provider must be registered |
200 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
200 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
201 protocol); |
201 protocol); |
202 } |
202 } |
203 |
203 |
204 /** |
204 /** |
205 * Returns a <code>SSLContext</code> object that implements the |
205 * Returns a {@code SSLContext} object that implements the |
206 * specified secure socket protocol. |
206 * specified secure socket protocol. |
207 * |
207 * |
208 * <p> A new SSLContext object encapsulating the |
208 * <p> A new SSLContext object encapsulating the |
209 * SSLContextSpi implementation from the specified Provider |
209 * SSLContextSpi implementation from the specified Provider |
210 * object is returned. Note that the specified Provider object |
210 * object is returned. Note that the specified Provider object |
237 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
237 return new SSLContext((SSLContextSpi)instance.impl, instance.provider, |
238 protocol); |
238 protocol); |
239 } |
239 } |
240 |
240 |
241 /** |
241 /** |
242 * Returns the protocol name of this <code>SSLContext</code> object. |
242 * Returns the protocol name of this {@code SSLContext} object. |
243 * |
243 * |
244 * <p>This is the same name that was specified in one of the |
244 * <p>This is the same name that was specified in one of the |
245 * <code>getInstance</code> calls that created this |
245 * {@code getInstance} calls that created this |
246 * <code>SSLContext</code> object. |
246 * {@code SSLContext} object. |
247 * |
247 * |
248 * @return the protocol name of this <code>SSLContext</code> object. |
248 * @return the protocol name of this {@code SSLContext} object. |
249 */ |
249 */ |
250 public final String getProtocol() { |
250 public final String getProtocol() { |
251 return this.protocol; |
251 return this.protocol; |
252 } |
252 } |
253 |
253 |
254 /** |
254 /** |
255 * Returns the provider of this <code>SSLContext</code> object. |
255 * Returns the provider of this {@code SSLContext} object. |
256 * |
256 * |
257 * @return the provider of this <code>SSLContext</code> object |
257 * @return the provider of this {@code SSLContext} object |
258 */ |
258 */ |
259 public final Provider getProvider() { |
259 public final Provider getProvider() { |
260 return this.provider; |
260 return this.provider; |
261 } |
261 } |
262 |
262 |
281 throws KeyManagementException { |
281 throws KeyManagementException { |
282 contextSpi.engineInit(km, tm, random); |
282 contextSpi.engineInit(km, tm, random); |
283 } |
283 } |
284 |
284 |
285 /** |
285 /** |
286 * Returns a <code>SocketFactory</code> object for this |
286 * Returns a {@code SocketFactory} object for this |
287 * context. |
287 * context. |
288 * |
288 * |
289 * @return the <code>SocketFactory</code> object |
289 * @return the {@code SocketFactory} object |
|
290 * @throws UnsupportedOperationException if the underlying provider |
|
291 * does not implement the operation. |
290 * @throws IllegalStateException if the SSLContextImpl requires |
292 * @throws IllegalStateException if the SSLContextImpl requires |
291 * initialization and the <code>init()</code> has not been called |
293 * initialization and the {@code init()} has not been called |
292 */ |
294 */ |
293 public final SSLSocketFactory getSocketFactory() { |
295 public final SSLSocketFactory getSocketFactory() { |
294 return contextSpi.engineGetSocketFactory(); |
296 return contextSpi.engineGetSocketFactory(); |
295 } |
297 } |
296 |
298 |
297 /** |
299 /** |
298 * Returns a <code>ServerSocketFactory</code> object for |
300 * Returns a {@code ServerSocketFactory} object for |
299 * this context. |
301 * this context. |
300 * |
302 * |
301 * @return the <code>ServerSocketFactory</code> object |
303 * @return the {@code ServerSocketFactory} object |
|
304 * @throws UnsupportedOperationException if the underlying provider |
|
305 * does not implement the operation. |
302 * @throws IllegalStateException if the SSLContextImpl requires |
306 * @throws IllegalStateException if the SSLContextImpl requires |
303 * initialization and the <code>init()</code> has not been called |
307 * initialization and the {@code init()} has not been called |
304 */ |
308 */ |
305 public final SSLServerSocketFactory getServerSocketFactory() { |
309 public final SSLServerSocketFactory getServerSocketFactory() { |
306 return contextSpi.engineGetServerSocketFactory(); |
310 return contextSpi.engineGetServerSocketFactory(); |
307 } |
311 } |
308 |
312 |
309 /** |
313 /** |
310 * Creates a new <code>SSLEngine</code> using this context. |
314 * Creates a new {@code SSLEngine} using this context. |
311 * <P> |
315 * <P> |
312 * Applications using this factory method are providing no hints |
316 * Applications using this factory method are providing no hints |
313 * for an internal session reuse strategy. If hints are desired, |
317 * for an internal session reuse strategy. If hints are desired, |
314 * {@link #createSSLEngine(String, int)} should be used |
318 * {@link #createSSLEngine(String, int)} should be used |
315 * instead. |
319 * instead. |
316 * <P> |
320 * <P> |
317 * Some cipher suites (such as Kerberos) require remote hostname |
321 * Some cipher suites (such as Kerberos) require remote hostname |
318 * information, in which case this factory method should not be used. |
322 * information, in which case this factory method should not be used. |
319 * |
323 * |
320 * @return the <code>SSLEngine</code> object |
324 * @return the {@code SSLEngine} object |
321 * @throws UnsupportedOperationException if the underlying provider |
325 * @throws UnsupportedOperationException if the underlying provider |
322 * does not implement the operation. |
326 * does not implement the operation. |
323 * @throws IllegalStateException if the SSLContextImpl requires |
327 * @throws IllegalStateException if the SSLContextImpl requires |
324 * initialization and the <code>init()</code> has not been called |
328 * initialization and the {@code init()} has not been called |
325 * @since 1.5 |
329 * @since 1.5 |
326 */ |
330 */ |
327 public final SSLEngine createSSLEngine() { |
331 public final SSLEngine createSSLEngine() { |
328 try { |
332 try { |
329 return contextSpi.engineCreateSSLEngine(); |
333 return contextSpi.engineCreateSSLEngine(); |
336 throw unsup; |
340 throw unsup; |
337 } |
341 } |
338 } |
342 } |
339 |
343 |
340 /** |
344 /** |
341 * Creates a new <code>SSLEngine</code> using this context using |
345 * Creates a new {@code SSLEngine} using this context using |
342 * advisory peer information. |
346 * advisory peer information. |
343 * <P> |
347 * <P> |
344 * Applications using this factory method are providing hints |
348 * Applications using this factory method are providing hints |
345 * for an internal session reuse strategy. |
349 * for an internal session reuse strategy. |
346 * <P> |
350 * <P> |
347 * Some cipher suites (such as Kerberos) require remote hostname |
351 * Some cipher suites (such as Kerberos) require remote hostname |
348 * information, in which case peerHost needs to be specified. |
352 * information, in which case peerHost needs to be specified. |
349 * |
353 * |
350 * @param peerHost the non-authoritative name of the host |
354 * @param peerHost the non-authoritative name of the host |
351 * @param peerPort the non-authoritative port |
355 * @param peerPort the non-authoritative port |
352 * @return the new <code>SSLEngine</code> object |
356 * @return the new {@code SSLEngine} object |
353 * @throws UnsupportedOperationException if the underlying provider |
357 * @throws UnsupportedOperationException if the underlying provider |
354 * does not implement the operation. |
358 * does not implement the operation. |
355 * @throws IllegalStateException if the SSLContextImpl requires |
359 * @throws IllegalStateException if the SSLContextImpl requires |
356 * initialization and the <code>init()</code> has not been called |
360 * initialization and the {@code init()} has not been called |
357 * @since 1.5 |
361 * @since 1.5 |
358 */ |
362 */ |
359 public final SSLEngine createSSLEngine(String peerHost, int peerPort) { |
363 public final SSLEngine createSSLEngine(String peerHost, int peerPort) { |
360 try { |
364 try { |
361 return contextSpi.engineCreateSSLEngine(peerHost, peerPort); |
365 return contextSpi.engineCreateSSLEngine(peerHost, peerPort); |