javax.net.ssl
Class SSLEngine
A class for low-level message wrapping and unwrapping of SSL
messages.
SSLEngine()- Creates a new SSLEngine with no peer host name or port number.
|
SSLEngine(String peerHost, int peerPort)- Creates a new SSLEngine with the specified peer host name and
port number.
|
abstract void | beginHandshake()- Begin, or restart, the SSL handshake.
|
abstract void | closeInbound()- Close the inbound state.
|
abstract void | closeOutbound()- Close the outbound state.
|
abstract Runnable | getDelegatedTask()
|
abstract boolean | getEnableSessionCreation()- Tells if sessions will be created by this engine, and therefore
may be resumed at a later time.
|
abstract String[] | getEnabledCipherSuites()- Returns a list of SSL cipher suite names this SSLEngine is
configured to use.
|
abstract String[] | getEnabledProtocols()- Returns a list of SSL protocol version names this SSLEngine is
configured to use.
|
abstract SSLEngineResult.HandshakeStatus | getHandshakeStatus()- Return the current handshake status.
|
abstract boolean | getNeedClientAuth()- Tells if this SSLEngine is configured to require client
authentication when in server mode.
|
String | getPeerHost()- Returns the peer host name this SSL session is connected to, or
null if this value was not set.
|
int | getPeerPort()- Returns the peer IP port number this SSL session in communicating
on, or -1 if this value was not set.
|
abstract SSLSession | getSession()- Return the
SSLSession object this connection represents.
|
abstract String[] | getSupportedCipherSuites()- Returns a list of SSL cipher suite names this SSLEngine
implementation supports.
|
abstract String[] | getSupportedProtocols()- Returns a list of SSL protocol version names this SSLEngine
implementation supports.
|
abstract boolean | getUseClientMode()- Tells if this SSLEngine is a "client" session.
|
abstract boolean | getWantClientAuth()- Tells if client authentication is requested, but not required,
for sessions in server mode.
|
abstract boolean | isInboundDone()- Tells if the incoming data stream is finished, and thus if no
more data will be available to be unwrapped.
|
abstract boolean | isOutboundDone()- Tells if the outgoing data stream is finished, and thus if no
more data may be wrapped.
|
abstract void | setEnableSessionCreation(boolean create)- Enables or disables session creation.
|
abstract void | setEnabledCipherSuites(String[] suites)- Sets the list of enabled cipher suites.
|
abstract void | setEnabledProtocols(String[] protocols)- Sets the list of enabled protocol versions.
|
abstract void | setNeedClientAuth(boolean needAuth)- Enables or disables required client authentication.
|
abstract void | setUseClientMode(boolean clientMode)- Enables client or server mode.
|
abstract void | setWantClientAuth(boolean wantAuth)- Enables or disables requested client authentication.
|
SSLEngineResult | unwrap(ByteBuffer source, ByteBuffer sink)- Unwraps a byte buffer recieved from the network, storing the
decrypted, unwrapped bytes into the given buffer.
|
SSLEngineResult | unwrap(ByteBuffer source, ByteBuffer[] sinks)- Unwraps a byte buffer recieved from the network, storing the
decrypted, unwrapped bytes into the given buffers.
|
abstract SSLEngineResult | unwrap(ByteBuffer source, ByteBuffer[] sinks, int offset, int length)- Unwraps a byte buffer received from the network, storing the
decrypted, unwrapped bytes into the given buffers.
|
SSLEngineResult | wrap(ByteBuffer source, ByteBuffer sink)- Wraps a byte buffer into an SSL message, for preparation to send
it over the network.
|
abstract SSLEngineResult | wrap(ByteBuffer[] sources, int offset, int length, ByteBuffer sink)- Wraps byte buffers into an SSL message, for preparation to send
them over the network.
|
SSLEngineResult | wrap(ByteBuffer[] sources, ByteBuffer sink)- Wraps byte buffers into an SSL message, for preparation to send
them over the network.
|
clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait |
SSLEngine
protected SSLEngine()
Creates a new SSLEngine with no peer host name or port number.
SSLEngine
protected SSLEngine(String peerHost,
int peerPort) Creates a new SSLEngine with the specified peer host name and
port number.
peerHost - The peer's host name.peerPort - The peer's port number.
closeOutbound
public abstract void closeOutbound()
Close the outbound state.
getEnableSessionCreation
public abstract boolean getEnableSessionCreation()
Tells if sessions will be created by this engine, and therefore
may be resumed at a later time.
- True if sessions will be created.
getEnabledCipherSuites
public abstract String[] getEnabledCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine is
configured to use.
- The list of enabled cipher suite names.
getEnabledProtocols
public abstract String[] getEnabledProtocols()
Returns a list of SSL protocol version names this SSLEngine is
configured to use.
- The list of enabled protocol names.
getNeedClientAuth
public abstract boolean getNeedClientAuth()
Tells if this SSLEngine is configured to require client
authentication when in server mode.
- True iff client authentication is required.
getPeerHost
public String getPeerHost()
Returns the peer host name this SSL session is connected to, or
null if this value was not set.
getPeerPort
public int getPeerPort()
Returns the peer IP port number this SSL session in communicating
on, or -1 if this value was not set.
getSupportedCipherSuites
public abstract String[] getSupportedCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine
implementation supports.
- The list of cipher suite names supported by this
implementation.
getSupportedProtocols
public abstract String[] getSupportedProtocols()
Returns a list of SSL protocol version names this SSLEngine
implementation supports. SSL protocol names include things like
"SSLv3" or "TLSv1".
- The list of SSL protocol names
getUseClientMode
public abstract boolean getUseClientMode()
Tells if this SSLEngine is a "client" session.
- True iff this session is configured for client mode.
getWantClientAuth
public abstract boolean getWantClientAuth()
Tells if client authentication is requested, but not required,
for sessions in server mode. If true, a server session will
request an authentication message from connecting clients, but
will still allow clients to connect if they cannot be
authenticated.
- True iff client authentication is requested.
isInboundDone
public abstract boolean isInboundDone()
Tells if the incoming data stream is finished, and thus if no
more data will be available to be unwrapped.
- True if no more data is to be unwrapped.
isOutboundDone
public abstract boolean isOutboundDone()
Tells if the outgoing data stream is finished, and thus if no
more data may be wrapped.
- True if no more data may be wrapped.
setEnableSessionCreation
public abstract void setEnableSessionCreation(boolean create)
Enables or disables session creation. If enabled, each connection
will create session that may be resumed by another connection.
create - Whether or not to enable session creation.
setEnabledCipherSuites
public abstract void setEnabledCipherSuites(String[] suites)
Sets the list of enabled cipher suites. The argument is an array
of strings of the canonical suite names.
suites - The cipher suites to enable.
IllegalArgumentException - If any of the specified suite
strings is not supported by this implementation, or if the
argument is null.
setEnabledProtocols
public abstract void setEnabledProtocols(String[] protocols)
Sets the list of enabled protocol versions. The argument is an
array of strings of the canonical protocol version names, such as
"TLSv1".
protocols - The protocol versions to enable.
setNeedClientAuth
public abstract void setNeedClientAuth(boolean needAuth)
Enables or disables required client authentication. If enabled,
clients may only connect if they provide proper identification.
This parameter is only used in server mode.
needAuth - Whether or not client authentication is required.
setUseClientMode
public abstract void setUseClientMode(boolean clientMode)
Enables client or server mode. If the argument is true, this
engine will run in client mode; if false, server mode.
clientMode - Whether or not to use client mode.
setWantClientAuth
public abstract void setWantClientAuth(boolean wantAuth)
Enables or disables requested client authentication. If enabled,
clients will be asked to provide proper identification, but will
still be allowed to connect if they do not provide it.
This parameter is only used in server mode.
wantAuth - Whether or not client authentication will be
requested, but not required.
unwrap
public SSLEngineResult unwrap(ByteBuffer source,
ByteBuffer sink)
throws SSLException Unwraps a byte buffer recieved from the network, storing the
decrypted, unwrapped bytes into the given buffer.
This call is exactly equivalent to
unwrap (source, new
ByteBuffer[] { sink }, 0, 1).
source - The source bytes, coming from the network.sink - The buffer to hold the unwrapped message.
- An engine result object for the operation.
unwrap
public SSLEngineResult unwrap(ByteBuffer source,
ByteBuffer[] sinks)
throws SSLException Unwraps a byte buffer recieved from the network, storing the
decrypted, unwrapped bytes into the given buffers.
This call is exactly equivalent to
unwrap (source,
sinks, 0, sinks.length).
source - The source bytes, coming from the network.sinks - The buffers to hold the unwrapped message.
- An engine result object for the operation.
unwrap
public abstract SSLEngineResult unwrap(ByteBuffer source,
ByteBuffer[] sinks,
int offset,
int length)
throws SSLException Unwraps a byte buffer received from the network, storing the
decrypted, unwrapped bytes into the given buffers. After
unwrapping, the bytes placed into the sink buffers are ready for
consumption by the application.
This method may place no bytes in the destination buffer; for
example, if this engine is still performing the SSL handshake,
only handshake data will be consumed, and no application data.
It is stated that this method may modify the source buffer,
and that it must not be passed to another SSLEngine (SSL
connections are independent, so another SSLEngine will not have
the parameters or state to handle messages meant for this
engine).
source - The source bytes, coming from the network.sinks - The buffers to hold the unwrapped message.offset - The index of the first buffer in 'sinks' to use.length - The number of buffers in 'sinks' to use.
- An engine result object for the operation.
wrap
public SSLEngineResult wrap(ByteBuffer source,
ByteBuffer sink)
throws SSLException Wraps a byte buffer into an SSL message, for preparation to send
it over the network.
This method is exactly equivalent to
wrap (new
ByteBuffer[] { source }, 0, 1, sink).
source - The source buffer with application data.sink - The buffer to hold the wrapped data.
- An engine result object for the operation.
wrap
public abstract SSLEngineResult wrap(ByteBuffer[] sources,
int offset,
int length,
ByteBuffer sink)
throws SSLException Wraps byte buffers into an SSL message, for preparation to send
them over the network. After wrapping, the data in the sink
buffer is ready to be sent over the transport layer.
This method may consume no data from the source buffers, and
yet still produce output that should be sent accross the wire;
for example if this engine has not yet completed the SSL
handshake, the sink buffer will be filled with handshake
messages.
sources - The source buffers with application data.offset - The offset into the source buffers to start reading
application data.length - The number of buffers to read from 'sources'.sink - The buffer to hold the wrapped data.
- An engine result object for the operation.
wrap
public SSLEngineResult wrap(ByteBuffer[] sources,
ByteBuffer sink)
throws SSLException Wraps byte buffers into an SSL message, for preparation to send
them over the network.
This method is exactly equivalent to
wrap (sources, 0,
1, sink).
sources - The source buffers with application data.sink - The buffer to hold the wrapped data.
- An engine result object for the operation.
SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
Copyright (C) 2006 Free Software Foundation, Inc.
This file is a part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version.