javax.net.ssl

Class SSLEngine


public abstract class SSLEngine
extends Object

A class for low-level message wrapping and unwrapping of SSL messages.
Since:
1.5

Constructor Summary

SSLEngine()
Creates a new SSLEngine with no peer host name or port number.
SSLEngine(String peerHost, int peerPort)
Creates a new SSLEngine with the specified peer host name and port number.

Method Summary

abstract void
beginHandshake()
Begin, or restart, the SSL handshake.
abstract void
closeInbound()
Close the inbound state.
abstract void
closeOutbound()
Close the outbound state.
abstract Runnable
getDelegatedTask()
abstract boolean
getEnableSessionCreation()
Tells if sessions will be created by this engine, and therefore may be resumed at a later time.
abstract String[]
getEnabledCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine is configured to use.
abstract String[]
getEnabledProtocols()
Returns a list of SSL protocol version names this SSLEngine is configured to use.
abstract SSLEngineResult.HandshakeStatus
getHandshakeStatus()
Return the current handshake status.
abstract boolean
getNeedClientAuth()
Tells if this SSLEngine is configured to require client authentication when in server mode.
String
getPeerHost()
Returns the peer host name this SSL session is connected to, or null if this value was not set.
int
getPeerPort()
Returns the peer IP port number this SSL session in communicating on, or -1 if this value was not set.
abstract SSLSession
getSession()
Return the SSLSession object this connection represents.
abstract String[]
getSupportedCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine implementation supports.
abstract String[]
getSupportedProtocols()
Returns a list of SSL protocol version names this SSLEngine implementation supports.
abstract boolean
getUseClientMode()
Tells if this SSLEngine is a "client" session.
abstract boolean
getWantClientAuth()
Tells if client authentication is requested, but not required, for sessions in server mode.
abstract boolean
isInboundDone()
Tells if the incoming data stream is finished, and thus if no more data will be available to be unwrapped.
abstract boolean
isOutboundDone()
Tells if the outgoing data stream is finished, and thus if no more data may be wrapped.
abstract void
setEnableSessionCreation(boolean create)
Enables or disables session creation.
abstract void
setEnabledCipherSuites(String[] suites)
Sets the list of enabled cipher suites.
abstract void
setEnabledProtocols(String[] protocols)
Sets the list of enabled protocol versions.
abstract void
setNeedClientAuth(boolean needAuth)
Enables or disables required client authentication.
abstract void
setUseClientMode(boolean clientMode)
Enables client or server mode.
abstract void
setWantClientAuth(boolean wantAuth)
Enables or disables requested client authentication.
SSLEngineResult
unwrap(ByteBuffer source, ByteBuffer sink)
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffer.
SSLEngineResult
unwrap(ByteBuffer source, ByteBuffer[] sinks)
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffers.
abstract SSLEngineResult
unwrap(ByteBuffer source, ByteBuffer[] sinks, int offset, int length)
Unwraps a byte buffer received from the network, storing the decrypted, unwrapped bytes into the given buffers.
SSLEngineResult
wrap(ByteBuffer source, ByteBuffer sink)
Wraps a byte buffer into an SSL message, for preparation to send it over the network.
abstract SSLEngineResult
wrap(ByteBuffer[] sources, int offset, int length, ByteBuffer sink)
Wraps byte buffers into an SSL message, for preparation to send them over the network.
SSLEngineResult
wrap(ByteBuffer[] sources, ByteBuffer sink)
Wraps byte buffers into an SSL message, for preparation to send them over the network.

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SSLEngine

protected SSLEngine()
Creates a new SSLEngine with no peer host name or port number.

SSLEngine

protected SSLEngine(String peerHost,
                    int peerPort)
Creates a new SSLEngine with the specified peer host name and port number.
Parameters:
peerHost - The peer's host name.
peerPort - The peer's port number.

Method Details

beginHandshake

public abstract void beginHandshake()
            throws SSLException
Begin, or restart, the SSL handshake.
Throws:
SSLException -

closeInbound

public abstract void closeInbound()
            throws SSLException
Close the inbound state.
Throws:
SSLException -

closeOutbound

public abstract void closeOutbound()
Close the outbound state.

getDelegatedTask

public abstract Runnable getDelegatedTask()

getEnableSessionCreation

public abstract boolean getEnableSessionCreation()
Tells if sessions will be created by this engine, and therefore may be resumed at a later time.
Returns:
True if sessions will be created.

getEnabledCipherSuites

public abstract String[] getEnabledCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine is configured to use.
Returns:
The list of enabled cipher suite names.

getEnabledProtocols

public abstract String[] getEnabledProtocols()
Returns a list of SSL protocol version names this SSLEngine is configured to use.
Returns:
The list of enabled protocol names.

getHandshakeStatus

public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus()
Return the current handshake status.
Returns:
The current handshake status.

getNeedClientAuth

public abstract boolean getNeedClientAuth()
Tells if this SSLEngine is configured to require client authentication when in server mode.
Returns:
True iff client authentication is required.

getPeerHost

public String getPeerHost()
Returns the peer host name this SSL session is connected to, or null if this value was not set.
Returns:
The peer host's name.

getPeerPort

public int getPeerPort()
Returns the peer IP port number this SSL session in communicating on, or -1 if this value was not set.
Returns:
The peer's port number.

getSession

public abstract SSLSession getSession()
Return the SSLSession object this connection represents.
Returns:
The SSL session.

getSupportedCipherSuites

public abstract String[] getSupportedCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine implementation supports.
Returns:
The list of cipher suite names supported by this implementation.

getSupportedProtocols

public abstract String[] getSupportedProtocols()
Returns a list of SSL protocol version names this SSLEngine implementation supports. SSL protocol names include things like "SSLv3" or "TLSv1".
Returns:
The list of SSL protocol names

getUseClientMode

public abstract boolean getUseClientMode()
Tells if this SSLEngine is a "client" session.
Returns:
True iff this session is configured for client mode.

getWantClientAuth

public abstract boolean getWantClientAuth()
Tells if client authentication is requested, but not required, for sessions in server mode. If true, a server session will request an authentication message from connecting clients, but will still allow clients to connect if they cannot be authenticated.
Returns:
True iff client authentication is requested.

isInboundDone

public abstract boolean isInboundDone()
Tells if the incoming data stream is finished, and thus if no more data will be available to be unwrapped.
Returns:
True if no more data is to be unwrapped.

isOutboundDone

public abstract boolean isOutboundDone()
Tells if the outgoing data stream is finished, and thus if no more data may be wrapped.
Returns:
True if no more data may be wrapped.

setEnableSessionCreation

public abstract void setEnableSessionCreation(boolean create)
Enables or disables session creation. If enabled, each connection will create session that may be resumed by another connection.
Parameters:
create - Whether or not to enable session creation.

setEnabledCipherSuites

public abstract void setEnabledCipherSuites(String[] suites)
Sets the list of enabled cipher suites. The argument is an array of strings of the canonical suite names.
Parameters:
suites - The cipher suites to enable.
Throws:
IllegalArgumentException - If any of the specified suite strings is not supported by this implementation, or if the argument is null.

setEnabledProtocols

public abstract void setEnabledProtocols(String[] protocols)
Sets the list of enabled protocol versions. The argument is an array of strings of the canonical protocol version names, such as "TLSv1".
Parameters:
protocols - The protocol versions to enable.
Throws:
IllegalArgumentException - If any of the specified protocols are not supported, or if the argument is null.

setNeedClientAuth

public abstract void setNeedClientAuth(boolean needAuth)
Enables or disables required client authentication. If enabled, clients may only connect if they provide proper identification.

This parameter is only used in server mode.

Parameters:
needAuth - Whether or not client authentication is required.

setUseClientMode

public abstract void setUseClientMode(boolean clientMode)
Enables client or server mode. If the argument is true, this engine will run in client mode; if false, server mode.
Parameters:
clientMode - Whether or not to use client mode.

setWantClientAuth

public abstract void setWantClientAuth(boolean wantAuth)
Enables or disables requested client authentication. If enabled, clients will be asked to provide proper identification, but will still be allowed to connect if they do not provide it.

This parameter is only used in server mode.

Parameters:
wantAuth - Whether or not client authentication will be requested, but not required.

unwrap

public SSLEngineResult unwrap(ByteBuffer source,
                              ByteBuffer sink)
            throws SSLException
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffer.

This call is exactly equivalent to unwrap (source, new ByteBuffer[] { sink }, 0, 1).

Parameters:
source - The source bytes, coming from the network.
sink - The buffer to hold the unwrapped message.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If 'sink' is not writable.
IllegalArgumentException - If either 'source' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

unwrap

public SSLEngineResult unwrap(ByteBuffer source,
                              ByteBuffer[] sinks)
            throws SSLException
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffers.

This call is exactly equivalent to unwrap (source, sinks, 0, sinks.length).

Parameters:
source - The source bytes, coming from the network.
sinks - The buffers to hold the unwrapped message.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If any buffer in 'sinks' is not writable.
IllegalArgumentException - If either 'source' or 'sinks' is null.
IllegalStateException - If this engine has not been put into client or server mode.

unwrap

public abstract SSLEngineResult unwrap(ByteBuffer source,
                                       ByteBuffer[] sinks,
                                       int offset,
                                       int length)
            throws SSLException
Unwraps a byte buffer received from the network, storing the decrypted, unwrapped bytes into the given buffers. After unwrapping, the bytes placed into the sink buffers are ready for consumption by the application.

This method may place no bytes in the destination buffer; for example, if this engine is still performing the SSL handshake, only handshake data will be consumed, and no application data.

It is stated that this method may modify the source buffer, and that it must not be passed to another SSLEngine (SSL connections are independent, so another SSLEngine will not have the parameters or state to handle messages meant for this engine).

Parameters:
source - The source bytes, coming from the network.
sinks - The buffers to hold the unwrapped message.
offset - The index of the first buffer in 'sinks' to use.
length - The number of buffers in 'sinks' to use.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If any buffer in 'sinks' is not writable.
IllegalArgumentException - If either 'source' or 'sinks' is null.
IllegalStateException - If this engine has not been put into client or server mode.
IndexOutOfBoundsException - If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sinks.length'.

wrap

public SSLEngineResult wrap(ByteBuffer source,
                            ByteBuffer sink)
            throws SSLException
Wraps a byte buffer into an SSL message, for preparation to send it over the network.

This method is exactly equivalent to wrap (new ByteBuffer[] { source }, 0, 1, sink).

Parameters:
source - The source buffer with application data.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'source' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

wrap

public abstract SSLEngineResult wrap(ByteBuffer[] sources,
                                     int offset,
                                     int length,
                                     ByteBuffer sink)
            throws SSLException
Wraps byte buffers into an SSL message, for preparation to send them over the network. After wrapping, the data in the sink buffer is ready to be sent over the transport layer.

This method may consume no data from the source buffers, and yet still produce output that should be sent accross the wire; for example if this engine has not yet completed the SSL handshake, the sink buffer will be filled with handshake messages.

Parameters:
sources - The source buffers with application data.
offset - The offset into the source buffers to start reading application data.
length - The number of buffers to read from 'sources'.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'sources' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.
IndexOutOfBoundsException - If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sources.length'.

wrap

public SSLEngineResult wrap(ByteBuffer[] sources,
                            ByteBuffer sink)
            throws SSLException
Wraps byte buffers into an SSL message, for preparation to send them over the network.

This method is exactly equivalent to wrap (sources, 0, 1, sink).

Parameters:
sources - The source buffers with application data.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'sources' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

SSLEngine.java -- advanced, generic utility for manipulating SSL messages. Copyright (C) 2006 Free Software Foundation, Inc. This file is a part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.