1 /* |
1 /* |
2 * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package javax.net.ssl; |
26 package javax.net.ssl; |
27 |
27 |
|
28 import java.security.AlgorithmConstraints; |
|
29 |
28 /** |
30 /** |
29 * Encapsulates parameters for an SSL/TLS connection. The parameters |
31 * Encapsulates parameters for an SSL/TLS connection. The parameters |
30 * are the list of ciphersuites to be accepted in an SSL/TLS handshake, |
32 * are the list of ciphersuites to be accepted in an SSL/TLS handshake, |
31 * the list of protocols to be allowed, and whether SSL/TLS servers should |
33 * the list of protocols to be allowed, the endpoint identification |
32 * request or require client authentication. |
34 * algorithm during SSL/TLS handshaking, the algorithm constraints and |
33 * |
35 * whether SSL/TLS servers should request or require client authentication. |
34 * <p>SSLParameters can be created via the constructors in this class. |
36 * <p> |
|
37 * SSLParameters can be created via the constructors in this class. |
35 * Objects can also be obtained using the <code>getSSLParameters()</code> |
38 * Objects can also be obtained using the <code>getSSLParameters()</code> |
36 * methods in |
39 * methods in |
37 * {@link SSLSocket#getSSLParameters SSLSocket} and |
40 * {@link SSLSocket#getSSLParameters SSLSocket} and |
|
41 * {@link SSLServerSocket#getSSLParameters SSLServerSocket} and |
38 * {@link SSLEngine#getSSLParameters SSLEngine} or the |
42 * {@link SSLEngine#getSSLParameters SSLEngine} or the |
39 * {@link SSLContext#getDefaultSSLParameters getDefaultSSLParameters()} and |
43 * {@link SSLContext#getDefaultSSLParameters getDefaultSSLParameters()} and |
40 * {@link SSLContext#getSupportedSSLParameters getSupportedSSLParameters()} |
44 * {@link SSLContext#getSupportedSSLParameters getSupportedSSLParameters()} |
41 * methods in <code>SSLContext</code>. |
45 * methods in <code>SSLContext</code>. |
42 * |
46 * <p> |
43 * <P>SSLParameters can be applied to a connection via the methods |
47 * SSLParameters can be applied to a connection via the methods |
44 * {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and |
48 * {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and |
45 * {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}. |
49 * {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()} |
|
50 * and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}. |
46 * |
51 * |
47 * @see SSLSocket |
52 * @see SSLSocket |
48 * @see SSLEngine |
53 * @see SSLEngine |
49 * @see SSLContext |
54 * @see SSLContext |
50 * |
55 * |
54 |
59 |
55 private String[] cipherSuites; |
60 private String[] cipherSuites; |
56 private String[] protocols; |
61 private String[] protocols; |
57 private boolean wantClientAuth; |
62 private boolean wantClientAuth; |
58 private boolean needClientAuth; |
63 private boolean needClientAuth; |
|
64 private String identificationAlgorithm; |
|
65 private AlgorithmConstraints algorithmConstraints; |
59 |
66 |
60 /** |
67 /** |
61 * Constructs SSLParameters. |
68 * Constructs SSLParameters. |
62 * |
69 * <p> |
63 * <p>The cipherSuites and protocols values are set to <code>null</code>, |
70 * The cipherSuites and protocols values are set to <code>null</code>, |
64 * wantClientAuth and needClientAuth are set to <code>false</code>. |
71 * wantClientAuth and needClientAuth are set to <code>false</code>. |
65 */ |
72 */ |
66 public SSLParameters() { |
73 public SSLParameters() { |
67 // empty |
74 // empty |
68 } |
75 } |
69 |
76 |
70 /** |
77 /** |
71 * Constructs SSLParameters from the specified array of ciphersuites. |
78 * Constructs SSLParameters from the specified array of ciphersuites. |
|
79 * <p> |
72 * Calling this constructor is equivalent to calling the no-args |
80 * Calling this constructor is equivalent to calling the no-args |
73 * constructor followed by |
81 * constructor followed by |
74 * <code>setCipherSuites(cipherSuites);</code>. |
82 * <code>setCipherSuites(cipherSuites);</code>. |
75 * |
83 * |
76 * @param cipherSuites the array of ciphersuites (or null) |
84 * @param cipherSuites the array of ciphersuites (or null) |
80 } |
88 } |
81 |
89 |
82 /** |
90 /** |
83 * Constructs SSLParameters from the specified array of ciphersuites |
91 * Constructs SSLParameters from the specified array of ciphersuites |
84 * and protocols. |
92 * and protocols. |
|
93 * <p> |
85 * Calling this constructor is equivalent to calling the no-args |
94 * Calling this constructor is equivalent to calling the no-args |
86 * constructor followed by |
95 * constructor followed by |
87 * <code>setCipherSuites(cipherSuites); setProtocols(protocols);</code>. |
96 * <code>setCipherSuites(cipherSuites); setProtocols(protocols);</code>. |
88 * |
97 * |
89 * @param cipherSuites the array of ciphersuites (or null) |
98 * @param cipherSuites the array of ciphersuites (or null) |
176 public void setNeedClientAuth(boolean needClientAuth) { |
185 public void setNeedClientAuth(boolean needClientAuth) { |
177 this.wantClientAuth = false; |
186 this.wantClientAuth = false; |
178 this.needClientAuth = needClientAuth; |
187 this.needClientAuth = needClientAuth; |
179 } |
188 } |
180 |
189 |
|
190 /** |
|
191 * Returns the cryptographic algorithm constraints. |
|
192 * |
|
193 * @return the cryptographic algorithm constraints, or null if the |
|
194 * constraints have not been set |
|
195 * |
|
196 * @see #setAlgorithmConstraints(AlgorithmConstraints) |
|
197 * |
|
198 * @since 1.7 |
|
199 */ |
|
200 public AlgorithmConstraints getAlgorithmConstraints() { |
|
201 return algorithmConstraints; |
|
202 } |
|
203 |
|
204 /** |
|
205 * Sets the cryptographic algorithm constraints, which will be used |
|
206 * in addition to any configured by the runtime environment. |
|
207 * <p> |
|
208 * If the <code>constraints</code> parameter is non-null, every |
|
209 * cryptographic algorithm, key and algorithm parameters used in the |
|
210 * SSL/TLS handshake must be permitted by the constraints. |
|
211 * |
|
212 * @param constraints the algorithm constraints (or null) |
|
213 * |
|
214 * @since 1.7 |
|
215 */ |
|
216 public void setAlgorithmConstraints(AlgorithmConstraints constraints) { |
|
217 // the constraints object is immutable |
|
218 this.algorithmConstraints = constraints; |
|
219 } |
|
220 |
|
221 /** |
|
222 * Gets the endpoint identification algorithm. |
|
223 * |
|
224 * @return the endpoint identification algorithm, or null if none |
|
225 * has been set. |
|
226 * |
|
227 * @see X509ExtendedTrustManager |
|
228 * @see #setEndpointIdentificationAlgorithm(String) |
|
229 * |
|
230 * @since 1.7 |
|
231 */ |
|
232 public String getEndpointIdentificationAlgorithm() { |
|
233 return identificationAlgorithm; |
|
234 } |
|
235 |
|
236 /** |
|
237 * Sets the endpoint identification algorithm. |
|
238 * <p> |
|
239 * If the <code>algorithm</code> parameter is non-null or non-empty, the |
|
240 * endpoint identification/verification procedures must be handled during |
|
241 * SSL/TLS handshaking. This is to prevent man-in-the-middle attacks. |
|
242 * |
|
243 * @param algorithm The standard string name of the endpoint |
|
244 * identification algorithm (or null). See Appendix A in the <a href= |
|
245 * "../../../technotes/guides/security/crypto/CryptoSpec.html#AppA"> |
|
246 * Java Cryptography Architecture API Specification & Reference </a> |
|
247 * for information about standard algorithm names. |
|
248 * |
|
249 * @see X509ExtendedTrustManager |
|
250 * |
|
251 * @since 1.7 |
|
252 */ |
|
253 public void setEndpointIdentificationAlgorithm(String algorithm) { |
|
254 this.identificationAlgorithm = algorithm; |
|
255 } |
|
256 |
181 } |
257 } |