jdk-sandbox: comparison jdk/src/share/classes/javax/net/ssl/SSLParameters.java

equal deleted inserted replaced

-:56e990297bc5
+:5e2d1edeb2c7
 /*
-* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package javax.net.ssl;
+import java.security.AlgorithmConstraints;
 /**
 * Encapsulates parameters for an SSL/TLS connection. The parameters
 * are the list of ciphersuites to be accepted in an SSL/TLS handshake,
-* the list of protocols to be allowed, and whether SSL/TLS servers should
+* the list of protocols to be allowed, the endpoint identification
-* request or require client authentication.
+* algorithm during SSL/TLS handshaking, the algorithm constraints and
-*
+* whether SSL/TLS servers should request or require client authentication.
-* <p>SSLParameters can be created via the constructors in this class.
+* <p>
+* SSLParameters can be created via the constructors in this class.
 * Objects can also be obtained using the <code>getSSLParameters()</code>
 * methods in
 * {@link SSLSocket#getSSLParameters SSLSocket} and
+* {@link SSLServerSocket#getSSLParameters SSLServerSocket} and
 * {@link SSLEngine#getSSLParameters SSLEngine} or the
 * {@link SSLContext#getDefaultSSLParameters getDefaultSSLParameters()} and
 * {@link SSLContext#getSupportedSSLParameters getSupportedSSLParameters()}
 * methods in <code>SSLContext</code>.
-*
+* <p>
-* <P>SSLParameters can be applied to a connection via the methods
+* SSLParameters can be applied to a connection via the methods
 * {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and
-* {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
+* {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
+* and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
 *
 * @see SSLSocket
 * @see SSLEngine
 * @see SSLContext
 *
 private String[] cipherSuites;
 private String[] protocols;
 private boolean wantClientAuth;
 private boolean needClientAuth;
+private String identificationAlgorithm;
+private AlgorithmConstraints algorithmConstraints;
 /**
 * Constructs SSLParameters.
-*
+* <p>
-* <p>The cipherSuites and protocols values are set to <code>null</code>,
+* The cipherSuites and protocols values are set to <code>null</code>,
 * wantClientAuth and needClientAuth are set to <code>false</code>.
 */
 public SSLParameters() {
 // empty
 }
 /**
 * Constructs SSLParameters from the specified array of ciphersuites.
+* <p>
 * Calling this constructor is equivalent to calling the no-args
 * constructor followed by
 * <code>setCipherSuites(cipherSuites);</code>.
 *
 * @param cipherSuites the array of ciphersuites (or null)
 }
 /**
 * Constructs SSLParameters from the specified array of ciphersuites
 * and protocols.
+* <p>
 * Calling this constructor is equivalent to calling the no-args
 * constructor followed by
 * <code>setCipherSuites(cipherSuites); setProtocols(protocols);</code>.
 *
 * @param cipherSuites the array of ciphersuites (or null)
 public void setNeedClientAuth(boolean needClientAuth) {
 this.wantClientAuth = false;
 this.needClientAuth = needClientAuth;
 }
+/**
+* Returns the cryptographic algorithm constraints.
+*
+* @return the cryptographic algorithm constraints, or null if the
+*     constraints have not been set
+*
+* @see #setAlgorithmConstraints(AlgorithmConstraints)
+*
+* @since 1.7
+*/
+public AlgorithmConstraints getAlgorithmConstraints() {
+return algorithmConstraints;
+}
+/**
+* Sets the cryptographic algorithm constraints, which will be used
+* in addition to any configured by the runtime environment.
+* <p>
+* If the <code>constraints</code> parameter is non-null, every
+* cryptographic algorithm, key and algorithm parameters used in the
+* SSL/TLS handshake must be permitted by the constraints.
+*
+* @param constraints the algorithm constraints (or null)
+*
+* @since 1.7
+*/
+public void setAlgorithmConstraints(AlgorithmConstraints constraints) {
+// the constraints object is immutable
+this.algorithmConstraints = constraints;
+}
+/**
+* Gets the endpoint identification algorithm.
+*
+* @return the endpoint identification algorithm, or null if none
+* has been set.
+*
+* @see X509ExtendedTrustManager
+* @see #setEndpointIdentificationAlgorithm(String)
+*
+* @since 1.7
+*/
+public String getEndpointIdentificationAlgorithm() {
+return identificationAlgorithm;
+}
+/**
+* Sets the endpoint identification algorithm.
+* <p>
+* If the <code>algorithm</code> parameter is non-null or non-empty, the
+* endpoint identification/verification procedures must be handled during
+* SSL/TLS handshaking.  This is to prevent man-in-the-middle attacks.
+*
+* @param algorithm The standard string name of the endpoint
+*     identification algorithm (or null).  See Appendix A in the <a href=
+*     "../../../technotes/guides/security/crypto/CryptoSpec.html#AppA">
+*     Java Cryptography Architecture API Specification &amp; Reference </a>
+*     for information about standard algorithm names.
+*
+* @see X509ExtendedTrustManager
+*
+* @since 1.7
+*/
+public void setEndpointIdentificationAlgorithm(String algorithm) {
+this.identificationAlgorithm = algorithm;
+}
 }

changeset 7043	5e2d1edeb2c7
parent 5506	202f599c92aa
child 11838	90e9e05727dc