Class SSLEngine

Creates a new SSLEngine with no peer host name or port number.

Creates a new SSLEngine with the specified peer host name and port number.

Parameters: peerHost The peer's host name. peerPort The peer's port number.

Begin, or restart, the SSL handshake.

Throws: SSLException

Close the inbound state.

Throws: SSLException

Close the outbound state.

Returns a list of SSL cipher suite names this SSLEngine is configured to use.

Returns: The list of enabled cipher suite names.

Returns a list of SSL protocol version names this SSLEngine is configured to use.

Returns: The list of enabled protocol names.

Tells if sessions will be created by this engine, and therefore may be resumed at a later time.

Returns: True if sessions will be created.

Return the current handshake status.

Returns: The current handshake status.

Tells if this SSLEngine is configured to require client authentication when in server mode.

Returns: True iff client authentication is required.

Returns the peer host name this SSL session is connected to, or null if this value was not set.

Returns: The peer host's name.

Returns the peer IP port number this SSL session in communicating on, or -1 if this value was not set.

Returns: The peer's port number.

Return the {@link SSLSession} object this connection represents.

Returns: The SSL session.

Returns a list of SSL cipher suite names this SSLEngine implementation supports.

Returns: The list of cipher suite names supported by this implementation.

Returns a list of SSL protocol version names this SSLEngine implementation supports. SSL protocol names include things like "SSLv3" or "TLSv1".

Returns: The list of SSL protocol names

Tells if this SSLEngine is a "client" session.

Returns: True iff this session is configured for client mode.

Tells if client authentication is requested, but not required, for sessions in server mode. If true, a server session will request an authentication message from connecting clients, but will still allow clients to connect if they cannot be authenticated.

Returns: True iff client authentication is requested.

Tells if the incoming data stream is finished, and thus if no more data will be available to be unwrapped.

Returns: True if no more data is to be unwrapped.

Tells if the outgoing data stream is finished, and thus if no more data may be wrapped.

Returns: True if no more data may be wrapped.

Sets the list of enabled cipher suites. The argument is an array of strings of the canonical suite names.

Parameters: suites The cipher suites to enable.

Throws: IllegalArgumentException If any of the specified suite strings is not supported by this implementation, or if the argument is null.

Sets the list of enabled protocol versions. The argument is an array of strings of the canonical protocol version names, such as "TLSv1".

Parameters: protocols The protocol versions to enable.

Throws: IllegalArgumentException If any of the specified protocols are not supported, or if the argument is null.

Enables or disables session creation. If enabled, each connection will create session that may be resumed by another connection.

Parameters: create Whether or not to enable session creation.

Enables or disables required client authentication. If enabled, clients may only connect if they provide proper identification.

This parameter is only used in server mode.

Parameters: needAuth Whether or not client authentication is required.

Enables client or server mode. If the argument is true, this engine will run in client mode; if false, server mode.

Parameters: clientMode Whether or not to use client mode.

Enables or disables requested client authentication. If enabled, clients will be asked to provide proper identification, but will still be allowed to connect if they do not provide it.

This parameter is only used in server mode.

Parameters: wantAuth Whether or not client authentication will be requested, but not required.

Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffer.

This call is exactly equivalent to unwrap (source, new ByteBuffer[] { sink }, 0, 1).

Parameters: source The source bytes, coming from the network. sink The buffer to hold the unwrapped message.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL message parsing error occurs. java.nio.ReadOnlyBufferException If 'sink' is not writable. IllegalArgumentException If either 'source' or 'sink' is null. IllegalStateException If this engine has not been put into client or server mode.

Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffers.

This call is exactly equivalent to unwrap (source, sinks, 0, sinks.length).

Parameters: source The source bytes, coming from the network. sinks The buffers to hold the unwrapped message.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL message parsing error occurs. java.nio.ReadOnlyBufferException If any buffer in 'sinks' is not writable. IllegalArgumentException If either 'source' or 'sinks' is null. IllegalStateException If this engine has not been put into client or server mode.

Unwraps a byte buffer received from the network, storing the decrypted, unwrapped bytes into the given buffers. After unwrapping, the bytes placed into the sink buffers are ready for consumption by the application.

This method may place no bytes in the destination buffer; for example, if this engine is still performing the SSL handshake, only handshake data will be consumed, and no application data.

It is stated that this method may modify the source buffer, and that it must not be passed to another SSLEngine (SSL connections are independent, so another SSLEngine will not have the parameters or state to handle messages meant for this engine).

Parameters: source The source bytes, coming from the network. sinks The buffers to hold the unwrapped message. offset The index of the first buffer in 'sinks' to use. length The number of buffers in 'sinks' to use.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL message parsing error occurs. java.nio.ReadOnlyBufferException If any buffer in 'sinks' is not writable. IllegalArgumentException If either 'source' or 'sinks' is null. IllegalStateException If this engine has not been put into client or server mode. IndexOutOfBoundsException If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sinks.length'.

Wraps a byte buffer into an SSL message, for preparation to send it over the network.

This method is exactly equivalent to wrap (new ByteBuffer[] { source }, 0, 1, sink).

Parameters: source The source buffer with application data. sink The buffer to hold the wrapped data.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL error occurs. java.nio.ReadOnlyBufferException If 'sink' is read-only. IllegalArgumentException If either 'source' or 'sink' is null. IllegalStateException If this engine has not been put into client or server mode.

Wraps byte buffers into an SSL message, for preparation to send them over the network.

This method is exactly equivalent to wrap (sources, 0, 1, sink).

Parameters: sources The source buffers with application data. sink The buffer to hold the wrapped data.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL error occurs. java.nio.ReadOnlyBufferException If 'sink' is read-only. IllegalArgumentException If either 'sources' or 'sink' is null. IllegalStateException If this engine has not been put into client or server mode.

Wraps byte buffers into an SSL message, for preparation to send them over the network. After wrapping, the data in the sink buffer is ready to be sent over the transport layer.

This method may consume no data from the source buffers, and yet still produce output that should be sent accross the wire; for example if this engine has not yet completed the SSL handshake, the sink buffer will be filled with handshake messages.

Parameters: sources The source buffers with application data. offset The offset into the source buffers to start reading application data. length The number of buffers to read from 'sources'. sink The buffer to hold the wrapped data.

Returns: An engine result object for the operation.

Throws: SSLException If an SSL error occurs. java.nio.ReadOnlyBufferException If 'sink' is read-only. IllegalArgumentException If either 'sources' or 'sink' is null. IllegalStateException If this engine has not been put into client or server mode. IndexOutOfBoundsException If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sources.length'.