diff -r 56e990297bc5 -r 5e2d1edeb2c7 jdk/src/share/classes/javax/net/ssl/SSLParameters.java
--- a/jdk/src/share/classes/javax/net/ssl/SSLParameters.java Mon Nov 01 10:59:03 2010 -0700
+++ b/jdk/src/share/classes/javax/net/ssl/SSLParameters.java Mon Nov 01 22:02:35 2010 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,24 +25,29 @@
 package javax.net.ssl;
+import java.security.AlgorithmConstraints;
+
 /**
  * Encapsulates parameters for an SSL/TLS connection. The parameters
  * are the list of ciphersuites to be accepted in an SSL/TLS handshake,
- * the list of protocols to be allowed, and whether SSL/TLS servers should
- * request or require client authentication.
- *
- *
SSLParameters can be created via the constructors in this class.
+ * the list of protocols to be allowed, the endpoint identification
+ * algorithm during SSL/TLS handshaking, the algorithm constraints and
+ * whether SSL/TLS servers should request or require client authentication.
+ *
+ * SSLParameters can be created via the constructors in this class.
* Objects can also be obtained using the getSSLParameters()
* methods in
* {@link SSLSocket#getSSLParameters SSLSocket} and
+ * {@link SSLServerSocket#getSSLParameters SSLServerSocket} and
* {@link SSLEngine#getSSLParameters SSLEngine} or the
* {@link SSLContext#getDefaultSSLParameters getDefaultSSLParameters()} and
* {@link SSLContext#getSupportedSSLParameters getSupportedSSLParameters()}
* methods in SSLContext
.
- *
- *
SSLParameters can be applied to a connection via the methods
+ *
+ * SSLParameters can be applied to a connection via the methods
  * {@link SSLSocket#setSSLParameters SSLSocket.setSSLParameters()} and
- * {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
+ * {@link SSLServerSocket#setSSLParameters SSLServerSocket.setSSLParameters()}
+ * and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.
  *
  * @see SSLSocket
  * @see SSLEngine
@@ -56,11 +61,13 @@
 private String[] protocols;
 private boolean wantClientAuth;
 private boolean needClientAuth;
+ private String identificationAlgorithm;
+ private AlgorithmConstraints algorithmConstraints;
 /**
  * Constructs SSLParameters.
-  *
-  *
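Review bot: The link text on the re-added line `+ * and {@link SSLEngine#setSSLParameters SSLEngine.getSSLParameters()}.` names the getter while the link target is the setter; it should read `{@link SSLEngine#setSSLParameters SSLEngine.setSSLParameters()}`. The removed line carried the same mismatch, but since the commit rewrites this sentence it is the natural place to correct it.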
The cipherSuites and protocols values are set to null
,
+ *
+ * The cipherSuites and protocols values are set to null
,
* wantClientAuth and needClientAuth are set to false
.
*/
public SSLParameters() {
@@ -69,6 +76,7 @@
/**
* Constructs SSLParameters from the specified array of ciphersuites.
+ *
* Calling this constructor is equivalent to calling the no-args
* constructor followed by
* setCipherSuites(cipherSuites);
.
@@ -82,6 +90,7 @@
/**
* Constructs SSLParameters from the specified array of ciphersuites
* and protocols.
+ *
* Calling this constructor is equivalent to calling the no-args
* constructor followed by
* setCipherSuites(cipherSuites); setProtocols(protocols);
.
@@ -178,4 +187,71 @@
this.needClientAuth = needClientAuth;
}
+ /**
+ * Returns the cryptographic algorithm constraints.
+ *
+ * @return the cryptographic algorithm constraints, or null if the
+ * constraints have not been set
+ *
+ * @see #setAlgorithmConstraints(AlgorithmConstraints)
+ *
+ * @since 1.7
+ */
+ public AlgorithmConstraints getAlgorithmConstraints() {
+ return algorithmConstraints;
+ }
+
+ /**
+ * Sets the cryptographic algorithm constraints, which will be used
+ * in addition to any configured by the runtime environment.
+ *
+ * If the constraints
parameter is non-null, every
+ * cryptographic algorithm, key and algorithm parameters used in the
+ * SSL/TLS handshake must be permitted by the constraints.
+ *
+ * @param constraints the algorithm constraints (or null)
+ *
+ * @since 1.7
+ */
+ public void setAlgorithmConstraints(AlgorithmConstraints constraints) {
+ // the constraints object is immutable
+ this.algorithmConstraints = constraints;
+ }
+
+ /**
+ * Gets the endpoint identification algorithm.
+ *
+ * @return the endpoint identification algorithm, or null if none
+ * has been set.
+ *
+ * @see X509ExtendedTrustManager
+ * @see #setEndpointIdentificationAlgorithm(String)
+ *
+ * @since 1.7
+ */
+ public String getEndpointIdentificationAlgorithm() {
+ return identificationAlgorithm;
+ }
+
+ /**
+ * Sets the endpoint identification algorithm.
+ *
+ * If the algorithm
parameter is non-null or non-empty, the
+ * endpoint identification/verification procedures must be handled during
+ * SSL/TLS handshaking. This is to prevent man-in-the-middle attacks.
+ *
+ * @param algorithm The standard string name of the endpoint
+ * identification algorithm (or null). See Appendix A in the
+ * Java Cryptography Architecture API Specification & Reference
+ * for information about standard algorithm names.
+ *
+ * @see X509ExtendedTrustManager
+ *
+ * @since 1.7
+ */
+ public void setEndpointIdentificationAlgorithm(String algorithm) {
+ this.identificationAlgorithm = algorithm;
+ }
+
}
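Review bot: The javadoc on setEndpointIdentificationAlgorithm states the wrong condition: "non-null or non-empty" is satisfied by the empty string, so the sentence should read `If the algorithm parameter is non-null and non-empty, the`. Because this setting is what enables endpoint identification of the peer, the doc should also spell out the other case, e.g. `A null or empty value means that no endpoint identification is performed during handshaking.`, so callers can see that the field's default (null, per the uninitialized declaration in the earlier hunk) leaves the peer's identity unchecked until they set it. The `// the constraints object is immutable` comment in setAlgorithmConstraints asserts a property the AlgorithmConstraints interface does not guarantee for its implementations; `// stored by reference; AlgorithmConstraints implementations are expected to be immutable` states what the code actually relies on.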