File Doc Category Size Date Package
SSLParameters.java API Doc Android 1.5 API 15235 Wed May 06 22:41:06 BST 2009 org.apache.harmony.xnet.provider.jsse

SSLParameters

java.lang.Object

public class SSLParameters extends Object implements Cloneable

The instances of this class incapsulate all the info about enabled cipher suites and protocols, as well as the information about client/server mode of ssl socket, whether it require/want client authentication or not, and controls whether new SSL sessions may be established by this socket or not.

Fields Summary
private static X509KeyManager
defaultKeyManager
private static X509TrustManager
defaultTrustManager
private static SecureRandom
defaultSecureRandom
private static SSLParameters
defaultParameters
private final ClientSessionContext
clientSessionContext
private final ServerSessionContext
serverSessionContext
private X509KeyManager
keyManager
private X509TrustManager
trustManager
private SecureRandom
secureRandom
private CipherSuite[]
enabledCipherSuites
private String[]
enabledCipherSuiteNames
private String[]
enabledProtocols
private boolean
client_mode
private boolean
need_client_auth
private boolean
want_client_auth
private boolean
enable_session_creation
private int
ssl_ctx
Holds a pointer to our native SSL context.
Constructors Summary
protected SSLParameters(KeyManager[] kms, TrustManager[] tms, SecureRandom sr, SSLClientSessionCache clientCache, SSLServerSessionCache serverCache)
Initializes the parameters. Naturally this constructor is used in SSLContextImpl.engineInit method which dirrectly passes its parameters. In other words this constructor holds all the functionality provided by SSLContext.init method. See {@link javax.net.ssl.SSLContext#init(KeyManager[],TrustManager[], SecureRandom)} for more information
this.serverSessionContext = new ServerSessionContext(this, serverCache); this.clientSessionContext = new ClientSessionContext(this, clientCache); // END android-changed try { // initialize key manager boolean initialize_default = false; // It's not described by the spec of SSLContext what should happen // if the arrays of length 0 are specified. This implementation // behave as for null arrays (i.e. use installed security providers) if ((kms == null) || (kms.length == 0)) { if (defaultKeyManager == null) { KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); kmf.init(null, null); kms = kmf.getKeyManagers(); // tell that we are trying to initialize defaultKeyManager initialize_default = true; } else { keyManager = defaultKeyManager; } } if (keyManager == null) { // was not initialized by default for (int i = 0; i < kms.length; i++) { if (kms[i] instanceof X509KeyManager) { keyManager = (X509KeyManager)kms[i]; break; } } if (keyManager == null) { throw new KeyManagementException("No X509KeyManager found"); } if (initialize_default) { // found keyManager is default key manager defaultKeyManager = keyManager; } } // initialize trust manager initialize_default = false; if ((tms == null) || (tms.length == 0)) { if (defaultTrustManager == null) { TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init((KeyStore)null); tms = tmf.getTrustManagers(); initialize_default = true; } else { trustManager = defaultTrustManager; } } if (trustManager == null) { // was not initialized by default for (int i = 0; i < tms.length; i++) { if (tms[i] instanceof X509TrustManager) { trustManager = (X509TrustManager)tms[i]; break; } } if (trustManager == null) { throw new KeyManagementException("No X509TrustManager found"); } if (initialize_default) { // found trustManager is default trust manager defaultTrustManager = trustManager; } } } catch (NoSuchAlgorithmException e) { throw new KeyManagementException(e); } catch (KeyStoreException e) { throw new KeyManagementException(e); } catch (UnrecoverableKeyException e) { throw new KeyManagementException(e); } // initialize secure random // BEGIN android-removed // if (sr == null) { // if (defaultSecureRandom == null) { // defaultSecureRandom = new SecureRandom(); // } // secureRandom = defaultSecureRandom; // } else { // secureRandom = sr; // } // END android-removed // BEGIN android-added // We simply use the SecureRandom passed in by the caller. If it's // null, we don't replace it by a new instance. The native code below // then directly accesses /dev/urandom. Not the most elegant solution, // but faster than going through the SecureRandom object. secureRandom = sr; // END android-added
Methods Summary
protected java.lang.Object clone()
Returns the clone of this object.
return
the clone.
// BEGIN android-changed try { return super.clone(); } catch (CloneNotSupportedException e) { throw new AssertionError(e); } // END android-changed
protected ClientSessionContext getClientSessionContext()
return
client session context
// END android-changed return clientSessionContext;
protected static org.apache.harmony.xnet.provider.jsse.SSLParameters getDefault()
if (defaultParameters == null) { // BEGIN android-changed defaultParameters = new SSLParameters(null, null, null, null, null); // END android-changed } return (SSLParameters) defaultParameters.clone();
protected boolean getEnableSessionCreation()
Returns the value indicating if the peer with this parameters allowed to cteate new SSL session
return enable_session_creation;
protected java.lang.String[] getEnabledCipherSuites()
return
the names of enabled cipher suites
if (enabledCipherSuiteNames == null) { // BEGIN android-added CipherSuite[] enabledCipherSuites = getEnabledCipherSuitesMember(); // END android-added enabledCipherSuiteNames = new String[enabledCipherSuites.length]; for (int i = 0; i< enabledCipherSuites.length; i++) { enabledCipherSuiteNames[i] = enabledCipherSuites[i].getName(); } } return (String[]) enabledCipherSuiteNames.clone();
protected CipherSuite[] getEnabledCipherSuitesMember()
// BEGIN android-changed if (enabledCipherSuites == null) this.enabledCipherSuites = CipherSuite.defaultCipherSuites; return enabledCipherSuites;
protected java.lang.String[] getEnabledProtocols()
return
the set of enabled protocols
return (String[]) enabledProtocols.clone();
protected javax.net.ssl.X509KeyManager getKeyManager()
return
key manager
return keyManager;
protected boolean getNeedClientAuth()
Returns the value indicating if the peer with this parameters tuned to require client authentication
return need_client_auth;
protected synchronized int getSSLCTX()
Returns the native SSL context, creating it on-the-fly, if necessary.
if (ssl_ctx == 0) ssl_ctx = nativeinitsslctx(); return ssl_ctx;
protected java.security.SecureRandom getSecureRandom()
return
secure random
// BEGIN android-removed // return secureRandom; // END android-removed // BEGIN android-added if (secureRandom != null) return secureRandom; if (defaultSecureRandom == null) { defaultSecureRandom = new SecureRandom(); } secureRandom = defaultSecureRandom; // END android-added return secureRandom;
protected java.security.SecureRandom getSecureRandomMember()
return
the secure random member reference, even it is null
return secureRandom;
protected ServerSessionContext getServerSessionContext()
return
server session context
// END android-changed return serverSessionContext;
protected javax.net.ssl.X509TrustManager getTrustManager()
return
trust manager
return trustManager;
protected boolean getUseClientMode()
Returns the value indicating if the parameters configured to work in client mode.
return client_mode;
protected boolean getWantClientAuth()
Returns the value indicating if the peer with this parameters tuned to request client authentication
return
return want_client_auth;
private native int nativeinitsslctx()
Initializes our native SSL context.
protected void setEnableSessionCreation(boolean flag)
Allows/disallows the peer holding this parameters to create new SSL session
enable_session_creation = flag;
protected void setEnabledCipherSuites(java.lang.String[] suites)
Sets the set of available cipher suites for use in SSL connection.
param
suites: String[]
return
if (suites == null) { throw new IllegalArgumentException("Provided parameter is null"); } CipherSuite[] cipherSuites = new CipherSuite[suites.length]; for (int i=0; i<suites.length; i++) { cipherSuites[i] = CipherSuite.getByName(suites[i]); if (cipherSuites[i] == null || !cipherSuites[i].supported) { throw new IllegalArgumentException(suites[i] + " is not supported."); } } enabledCipherSuites = cipherSuites; enabledCipherSuiteNames = suites;
protected void setEnabledProtocols(java.lang.String[] protocols)
Sets the set of available protocols for use in SSL connection.
param
protocols String[]
if (protocols == null) { throw new IllegalArgumentException("Provided parameter is null"); } for (int i=0; i<protocols.length; i++) { if (!ProtocolVersion.isSupported(protocols[i])) { throw new IllegalArgumentException("Protocol " + protocols[i] + " is not supported."); } } enabledProtocols = protocols;
protected void setNeedClientAuth(boolean need)
Tunes the peer holding this parameters to require client authentication
need_client_auth = need; // reset the want_client_auth setting want_client_auth = false;
protected void setUseClientMode(boolean mode)
Tunes the peer holding this parameters to work in client mode.
param
mode if the peer is configured to work in client mode
client_mode = mode;
protected void setWantClientAuth(boolean want)
Tunes the peer holding this parameters to request client authentication
want_client_auth = want; // reset the need_client_auth setting need_client_auth = false;