All Downloads are FREE. Search and download functionalities are using the official Maven repository.

javax.net.ssl.SSLContextSpi Maven / Gradle / Ivy

/*
 * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.net.ssl;

import java.security.*;

/**
 * This class defines the Service Provider Interface (SPI)
 * for the {@code SSLContext} class.
 *
 * 

All the abstract methods in this class must be implemented by each * cryptographic service provider who wishes to supply the implementation * of a particular SSL context. * * @since 1.4 * @see SSLContext */ public abstract class SSLContextSpi { /** * Constructor for subclasses to call. */ public SSLContextSpi() {} /** * Initializes this context. * * @param km the sources of authentication keys * @param tm the sources of peer authentication trust decisions * @param sr the source of randomness * @throws KeyManagementException if this operation fails * @see SSLContext#init(KeyManager [], TrustManager [], SecureRandom) */ protected abstract void engineInit(KeyManager[] km, TrustManager[] tm, SecureRandom sr) throws KeyManagementException; /** * Returns a {@code SocketFactory} object for this * context. * * @return the {@code SocketFactory} object * @throws UnsupportedOperationException if the underlying provider * does not implement the operation. * @throws IllegalStateException if the SSLContextImpl requires * initialization and the {@code engineInit()} * has not been called * @see javax.net.ssl.SSLContext#getSocketFactory() */ protected abstract SSLSocketFactory engineGetSocketFactory(); /** * Returns a {@code ServerSocketFactory} object for * this context. * * @return the {@code ServerSocketFactory} object * @throws UnsupportedOperationException if the underlying provider * does not implement the operation. * @throws IllegalStateException if the SSLContextImpl requires * initialization and the {@code engineInit()} * has not been called * @see javax.net.ssl.SSLContext#getServerSocketFactory() */ protected abstract SSLServerSocketFactory engineGetServerSocketFactory(); /** * Creates a new {@code SSLEngine} using this context. *

* Applications using this factory method are providing no hints * for an internal session reuse strategy. If hints are desired, * {@link #engineCreateSSLEngine(String, int)} should be used * instead. *

* Some cipher suites (such as Kerberos) require remote hostname * information, in which case this factory method should not be used. * * @implNote * It is provider-specific if the returned SSLEngine uses client or * server mode by default for the (D)TLS connection. The JDK SunJSSE * provider implementation uses server mode by default. However, it * is recommended to always set the desired mode explicitly by calling * {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()} * before invoking other methods of the SSLEngine. * * @return the {@code SSLEngine} Object * @throws IllegalStateException if the SSLContextImpl requires * initialization and the {@code engineInit()} * has not been called * * @see SSLContext#createSSLEngine() * * @since 1.5 */ protected abstract SSLEngine engineCreateSSLEngine(); /** * Creates a {@code SSLEngine} using this context. *

* Applications using this factory method are providing hints * for an internal session reuse strategy. *

* Some cipher suites (such as Kerberos) require remote hostname * information, in which case peerHost needs to be specified. * * @implNote * It is provider-specific if the returned SSLEngine uses client or * server mode by default for the (D)TLS connection. The JDK SunJSSE * provider implementation uses server mode by default. However, it * is recommended to always set the desired mode explicitly by calling * {@link SSLEngine#setUseClientMode(boolean) SSLEngine.setUseClientMode()} * before invoking other methods of the SSLEngine. * * @param host the non-authoritative name of the host * @param port the non-authoritative port * @return the {@code SSLEngine} Object * @throws IllegalStateException if the SSLContextImpl requires * initialization and the {@code engineInit()} * has not been called * * @see SSLContext#createSSLEngine(String, int) * * @since 1.5 */ protected abstract SSLEngine engineCreateSSLEngine(String host, int port); /** * Returns a server {@code SSLSessionContext} object for * this context. * * @return the {@code SSLSessionContext} object * @see javax.net.ssl.SSLContext#getServerSessionContext() */ protected abstract SSLSessionContext engineGetServerSessionContext(); /** * Returns a client {@code SSLSessionContext} object for * this context. * * @return the {@code SSLSessionContext} object * @see javax.net.ssl.SSLContext#getClientSessionContext() */ protected abstract SSLSessionContext engineGetClientSessionContext(); private SSLSocket getDefaultSocket() { try { SSLSocketFactory factory = engineGetSocketFactory(); return (SSLSocket)factory.createSocket(); } catch (java.io.IOException e) { throw new UnsupportedOperationException("Could not obtain parameters", e); } } /** * Returns a copy of the SSLParameters indicating the default * settings for this SSL context. * *

The parameters will always have the ciphersuite and protocols * arrays set to non-null values. * *

The default implementation obtains the parameters from an * SSLSocket created by calling the * {@linkplain javax.net.SocketFactory#createSocket * SocketFactory.createSocket()} method of this context's SocketFactory. * * @return a copy of the SSLParameters object with the default settings * @throws UnsupportedOperationException if the default SSL parameters * could not be obtained. * * @since 1.6 */ protected SSLParameters engineGetDefaultSSLParameters() { SSLSocket socket = getDefaultSocket(); return socket.getSSLParameters(); } /** * Returns a copy of the SSLParameters indicating the maximum supported * settings for this SSL context. * *

The parameters will always have the ciphersuite and protocols * arrays set to non-null values. * *

The default implementation obtains the parameters from an * SSLSocket created by calling the * {@linkplain javax.net.SocketFactory#createSocket * SocketFactory.createSocket()} method of this context's SocketFactory. * * @return a copy of the SSLParameters object with the maximum supported * settings * @throws UnsupportedOperationException if the supported SSL parameters * could not be obtained. * * @since 1.6 */ protected SSLParameters engineGetSupportedSSLParameters() { SSLSocket socket = getDefaultSocket(); SSLParameters params = socket.getSSLParameters(); params.setCipherSuites(socket.getSupportedCipherSuites()); params.setProtocols(socket.getSupportedProtocols()); return params; } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy