Home » openjdk-7 » javax » net » ssl » [javadoc | source]

    1   /*
    2    * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
    3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
    4    *
    5    * This code is free software; you can redistribute it and/or modify it
    6    * under the terms of the GNU General Public License version 2 only, as
    7    * published by the Free Software Foundation.  Oracle designates this
    8    * particular file as subject to the "Classpath" exception as provided
    9    * by Oracle in the LICENSE file that accompanied this code.
   10    *
   11    * This code is distributed in the hope that it will be useful, but WITHOUT
   12    * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
   13    * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   14    * version 2 for more details (a copy is included in the LICENSE file that
   15    * accompanied this code).
   16    *
   17    * You should have received a copy of the GNU General Public License version
   18    * 2 along with this work; if not, write to the Free Software Foundation,
   19    * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
   20    *
   21    * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
   22    * or visit www.oracle.com if you need additional information or have any
   23    * questions.
   24    */
   25   
   26   
   27   package javax.net.ssl;
   28   
   29   import java.io.IOException;
   30   import java.net;
   31   import java.util.Enumeration;
   32   import java.util.Vector;
   33   
   34   
   35   /**
   36    * This class extends <code>Socket</code>s and provides secure
   37    * socket using protocols such as the "Secure
   38    * Sockets Layer" (SSL) or IETF "Transport Layer Security" (TLS) protocols.
   39    * <P>
   40    * Such sockets are normal stream sockets, but they
   41    * add a layer of security protections over the underlying network transport
   42    * protocol, such as TCP.  Those protections include: <UL>
   43    *
   44    *      <LI> <em>Integrity Protection</em>.  SSL protects against
   45    *      modification of messages by an active wiretapper.
   46    *
   47    *      <LI> <em>Authentication</em>.  In most modes, SSL provides
   48    *      peer authentication.  Servers are usually authenticated,
   49    *      and clients may be authenticated as requested by servers.
   50    *
   51    *      <LI> <em>Confidentiality (Privacy Protection)</em>.  In most
   52    *      modes, SSL encrypts data being sent between client and server.
   53    *      This protects the confidentiality of data, so that passive
   54    *      wiretappers won't see sensitive data such as financial
   55    *      information or personal information of many kinds.
   56    *
   57    *      </UL>
   58    *
   59    * <P>These kinds of protection are specified by a "cipher suite", which
   60    * is a combination of cryptographic algorithms used by a given SSL connection.
   61    * During the negotiation process, the two endpoints must agree on
   62    * a ciphersuite that is available in both environments.
   63    * If there is no such suite in common, no SSL connection can
   64    * be established, and no data can be exchanged.
   65    *
   66    * <P> The cipher suite used is established by a negotiation process
   67    * called "handshaking".  The goal of this
   68    * process is to create or rejoin a "session", which may protect many
   69    * connections over time.  After handshaking has completed, you can access
   70    * session attributes by using the <em>getSession</em> method.
   71    * The initial handshake on this connection can be initiated in
   72    * one of three ways: <UL>
   73    *
   74    *      <LI> calling <code>startHandshake</code> which explicitly
   75    *              begins handshakes, or
   76    *      <LI> any attempt to read or write application data on
   77    *              this socket causes an implicit handshake, or
   78    *      <LI> a call to <code>getSession</code> tries to set up a session
   79    *              if there is no currently valid session, and
   80    *              an implicit handshake is done.
   81    * </UL>
   82    *
   83    * <P>If handshaking fails for any reason, the <code>SSLSocket</code>
   84    * is closed, and no futher communications can be done.
   85    *
   86    * <P>There are two groups of cipher suites which you will need to know
   87    * about when managing cipher suites: <UL>
   88    *
   89    *      <LI> <em>Supported</em> cipher suites:  all the suites which are
   90    *      supported by the SSL implementation.  This list is reported
   91    *      using <em>getSupportedCipherSuites</em>.
   92    *
   93    *      <LI> <em>Enabled</em> cipher suites, which may be fewer
   94    *      than the full set of supported suites.  This group is
   95    *      set using the <em>setEnabledCipherSuites</em> method, and
   96    *      queried using the <em>getEnabledCipherSuites</em> method.
   97    *      Initially, a default set of cipher suites will be enabled on
   98    *      a new socket that represents the minimum suggested configuration.
   99    *
  100    *      </UL>
  101    *
  102    * <P> Implementation defaults require that only cipher
  103    * suites which authenticate servers and provide confidentiality
  104    * be enabled by default.
  105    * Only if both sides explicitly agree to unauthenticated and/or
  106    * non-private (unencrypted) communications will such a ciphersuite be
  107    * selected.
  108    *
  109    * <P>When <code>SSLSocket</code>s are first created, no handshaking
  110    * is done so that applications may first set their communication
  111    * preferences:  what cipher suites to use, whether the socket should be
  112    * in client or server mode, etc.
  113    * However, security is always provided by the time that application data
  114    * is sent over the connection.
  115    *
  116    * <P> You may register to receive event notification of handshake
  117    * completion.  This involves
  118    * the use of two additional classes.  <em>HandshakeCompletedEvent</em>
  119    * objects are passed to <em>HandshakeCompletedListener</em> instances,
  120    * which are registered by users of this API.
  121    *
  122    * <code>SSLSocket</code>s are created by <code>SSLSocketFactory</code>s,
  123    * or by <code>accept</code>ing a connection from a
  124    * <code>SSLServerSocket</code>.
  125    *
  126    * <P>A SSL socket must choose to operate in the client or server mode.
  127    * This will determine who begins the handshaking process, as well
  128    * as which messages should be sent by each party.  Each
  129    * connection must have one client and one server, or handshaking
  130    * will not progress properly.  Once the initial handshaking has started, a
  131    * socket can not switch between client and server modes, even when
  132    * performing renegotiations.
  133    *
  134    * @see java.net.Socket
  135    * @see SSLServerSocket
  136    * @see SSLSocketFactory
  137    *
  138    * @since 1.4
  139    * @author David Brownell
  140    */
  141   public abstract class SSLSocket extends Socket
  142   {
  143       /**
  144        * Used only by subclasses.
  145        * Constructs an uninitialized, unconnected TCP socket.
  146        */
  147       protected SSLSocket()
  148           { super(); }
  149   
  150   
  151       /**
  152        * Used only by subclasses.
  153        * Constructs a TCP connection to a named host at a specified port.
  154        * This acts as the SSL client.
  155        * <p>
  156        * If there is a security manager, its <code>checkConnect</code>
  157        * method is called with the host address and <code>port</code>
  158        * as its arguments. This could result in a SecurityException.
  159        *
  160        * @param host name of the host with which to connect, or
  161        *        <code>null</code> for the loopback address.
  162        * @param port number of the server's port
  163        * @throws IOException if an I/O error occurs when creating the socket
  164        * @throws SecurityException if a security manager exists and its
  165        *         <code>checkConnect</code> method doesn't allow the operation.
  166        * @throws UnknownHostException if the host is not known
  167        * @throws IllegalArgumentException if the port parameter is outside the
  168        *         specified range of valid port values, which is between 0 and
  169        *         65535, inclusive.
  170        * @see SecurityManager#checkConnect
  171        */
  172       protected SSLSocket(String host, int port)
  173       throws IOException, UnknownHostException
  174           { super(host, port); }
  175   
  176   
  177       /**
  178        * Used only by subclasses.
  179        * Constructs a TCP connection to a server at a specified address
  180        * and port.  This acts as the SSL client.
  181        * <p>
  182        * If there is a security manager, its <code>checkConnect</code>
  183        * method is called with the host address and <code>port</code>
  184        * as its arguments. This could result in a SecurityException.
  185        *
  186        * @param address the server's host
  187        * @param port its port
  188        * @throws IOException if an I/O error occurs when creating the socket
  189        * @throws SecurityException if a security manager exists and its
  190        *         <code>checkConnect</code> method doesn't allow the operation.
  191        * @throws IllegalArgumentException if the port parameter is outside the
  192        *         specified range of valid port values, which is between 0 and
  193        *         65535, inclusive.
  194        * @throws NullPointerException if <code>address</code> is null.
  195        * @see SecurityManager#checkConnect
  196        */
  197       protected SSLSocket(InetAddress address, int port)
  198       throws IOException
  199           { super(address, port); }
  200   
  201   
  202       /**
  203        * Used only by subclasses.
  204        * Constructs an SSL connection to a named host at a specified port,
  205        * binding the client side of the connection a given address and port.
  206        * This acts as the SSL client.
  207        * <p>
  208        * If there is a security manager, its <code>checkConnect</code>
  209        * method is called with the host address and <code>port</code>
  210        * as its arguments. This could result in a SecurityException.
  211        *
  212        * @param host name of the host with which to connect, or
  213        *        <code>null</code> for the loopback address.
  214        * @param port number of the server's port
  215        * @param clientAddress the client's address the socket is bound to, or
  216        *        <code>null</code> for the <code>anyLocal</code> address.
  217        * @param clientPort the client's port the socket is bound to, or
  218        *        <code>zero</code> for a system selected free port.
  219        * @throws IOException if an I/O error occurs when creating the socket
  220        * @throws SecurityException if a security manager exists and its
  221        *         <code>checkConnect</code> method doesn't allow the operation.
  222        * @throws UnknownHostException if the host is not known
  223        * @throws IllegalArgumentException if the port parameter or clientPort
  224        *         parameter is outside the specified range of valid port values,
  225        *         which is between 0 and 65535, inclusive.
  226        * @see SecurityManager#checkConnect
  227        */
  228       protected SSLSocket(String host, int port,
  229           InetAddress clientAddress, int clientPort)
  230       throws IOException, UnknownHostException
  231           { super(host, port, clientAddress, clientPort); }
  232   
  233   
  234       /**
  235        * Used only by subclasses.
  236        * Constructs an SSL connection to a server at a specified address
  237        * and TCP port, binding the client side of the connection a given
  238        * address and port.  This acts as the SSL client.
  239        * <p>
  240        * If there is a security manager, its <code>checkConnect</code>
  241        * method is called with the host address and <code>port</code>
  242        * as its arguments. This could result in a SecurityException.
  243        *
  244        * @param address the server's host
  245        * @param port its port
  246        * @param clientAddress the client's address the socket is bound to, or
  247        *        <code>null</code> for the <code>anyLocal</code> address.
  248        * @param clientPort the client's port the socket is bound to, or
  249        *        <code>zero</code> for a system selected free port.
  250        * @throws IOException if an I/O error occurs when creating the socket
  251        * @throws SecurityException if a security manager exists and its
  252        *         <code>checkConnect</code> method doesn't allow the operation.
  253        * @throws IllegalArgumentException if the port parameter or clientPort
  254        *         parameter is outside the specified range of valid port values,
  255        *         which is between 0 and 65535, inclusive.
  256        * @throws NullPointerException if <code>address</code> is null.
  257        * @see SecurityManager#checkConnect
  258        */
  259       protected SSLSocket(InetAddress address, int port,
  260           InetAddress clientAddress, int clientPort)
  261       throws IOException
  262           { super(address, port, clientAddress, clientPort); }
  263   
  264   
  265       /**
  266        * Returns the names of the cipher suites which could be enabled for use
  267        * on this connection.  Normally, only a subset of these will actually
  268        * be enabled by default, since this list may include cipher suites which
  269        * do not meet quality of service requirements for those defaults.  Such
  270        * cipher suites might be useful in specialized applications.
  271        *
  272        * @return an array of cipher suite names
  273        * @see #getEnabledCipherSuites()
  274        * @see #setEnabledCipherSuites(String [])
  275        */
  276       public abstract String [] getSupportedCipherSuites();
  277   
  278   
  279       /**
  280        * Returns the names of the SSL cipher suites which are currently
  281        * enabled for use on this connection.  When an SSLSocket is first
  282        * created, all enabled cipher suites support a minimum quality of
  283        * service.  Thus, in some environments this value might be empty.
  284        * <P>
  285        * Even if a suite has been enabled, it might never be used.  (For
  286        * example, the peer does not support it, the requisite certificates
  287        * (and private keys) for the suite are not available, or an
  288        * anonymous suite is enabled but authentication is required.
  289        *
  290        * @return an array of cipher suite names
  291        * @see #getSupportedCipherSuites()
  292        * @see #setEnabledCipherSuites(String [])
  293        */
  294       public abstract String [] getEnabledCipherSuites();
  295   
  296   
  297       /**
  298        * Sets the cipher suites enabled for use on this connection.
  299        * <P>
  300        * Each cipher suite in the <code>suites</code> parameter must have
  301        * been listed by getSupportedCipherSuites(), or the method will
  302        * fail.  Following a successful call to this method, only suites
  303        * listed in the <code>suites</code> parameter are enabled for use.
  304        * <P>
  305        * See {@link #getEnabledCipherSuites()} for more information
  306        * on why a specific ciphersuite may never be used on a connection.
  307        *
  308        * @param suites Names of all the cipher suites to enable
  309        * @throws IllegalArgumentException when one or more of the ciphers
  310        *          named by the parameter is not supported, or when the
  311        *          parameter is null.
  312        * @see #getSupportedCipherSuites()
  313        * @see #getEnabledCipherSuites()
  314        */
  315       public abstract void setEnabledCipherSuites(String suites []);
  316   
  317   
  318       /**
  319        * Returns the names of the protocols which could be enabled for use
  320        * on an SSL connection.
  321        *
  322        * @return an array of protocols supported
  323        */
  324       public abstract String [] getSupportedProtocols();
  325   
  326   
  327       /**
  328        * Returns the names of the protocol versions which are currently
  329        * enabled for use on this connection.
  330        * @see #setEnabledProtocols(String [])
  331        * @return an array of protocols
  332        */
  333       public abstract String [] getEnabledProtocols();
  334   
  335   
  336       /**
  337        * Sets the protocol versions enabled for use on this connection.
  338        * <P>
  339        * The protocols must have been listed by
  340        * <code>getSupportedProtocols()</code> as being supported.
  341        * Following a successful call to this method, only protocols listed
  342        * in the <code>protocols</code> parameter are enabled for use.
  343        *
  344        * @param protocols Names of all the protocols to enable.
  345        * @throws IllegalArgumentException when one or more of
  346        *            the protocols named by the parameter is not supported or
  347        *            when the protocols parameter is null.
  348        * @see #getEnabledProtocols()
  349        */
  350       public abstract void setEnabledProtocols(String protocols[]);
  351   
  352   
  353       /**
  354        * Returns the SSL Session in use by this connection.  These can
  355        * be long lived, and frequently correspond to an entire login session
  356        * for some user.  The session specifies a particular cipher suite
  357        * which is being actively used by all connections in that session,
  358        * as well as the identities of the session's client and server.
  359        * <P>
  360        * This method will initiate the initial handshake if
  361        * necessary and then block until the handshake has been
  362        * established.
  363        * <P>
  364        * If an error occurs during the initial handshake, this method
  365        * returns an invalid session object which reports an invalid
  366        * cipher suite of "SSL_NULL_WITH_NULL_NULL".
  367        *
  368        * @return the <code>SSLSession</code>
  369        */
  370       public abstract SSLSession getSession();
  371   
  372   
  373       /**
  374        * Returns the {@code SSLSession} being constructed during a SSL/TLS
  375        * handshake.
  376        * <p>
  377        * TLS protocols may negotiate parameters that are needed when using
  378        * an instance of this class, but before the {@code SSLSession} has
  379        * been completely initialized and made available via {@code getSession}.
  380        * For example, the list of valid signature algorithms may restrict
  381        * the type of certificates that can used during TrustManager
  382        * decisions, or the maximum TLS fragment packet sizes can be
  383        * resized to better support the network environment.
  384        * <p>
  385        * This method provides early access to the {@code SSLSession} being
  386        * constructed.  Depending on how far the handshake has progressed,
  387        * some data may not yet be available for use.  For example, if a
  388        * remote server will be sending a Certificate chain, but that chain
  389        * has yet not been processed, the {@code getPeerCertificates}
  390        * method of {@code SSLSession} will throw a
  391        * SSLPeerUnverifiedException.  Once that chain has been processed,
  392        * {@code getPeerCertificates} will return the proper value.
  393        * <p>
  394        * Unlike {@link #getSession()}, this method does not initiate the
  395        * initial handshake and does not block until handshaking is
  396        * complete.
  397        *
  398        * @see SSLEngine
  399        * @see SSLSession
  400        * @see ExtendedSSLSession
  401        * @see X509ExtendedKeyManager
  402        * @see X509ExtendedTrustManager
  403        *
  404        * @return null if this instance is not currently handshaking, or
  405        *         if the current handshake has not progressed far enough to
  406        *         create a basic SSLSession.  Otherwise, this method returns the
  407        *         {@code SSLSession} currently being negotiated.
  408        * @throws UnsupportedOperationException if the underlying provider
  409        *         does not implement the operation.
  410        *
  411        * @since 1.7
  412        */
  413       public SSLSession getHandshakeSession() {
  414           throw new UnsupportedOperationException();
  415       }
  416   
  417   
  418       /**
  419        * Registers an event listener to receive notifications that an
  420        * SSL handshake has completed on this connection.
  421        *
  422        * @param listener the HandShake Completed event listener
  423        * @see #startHandshake()
  424        * @see #removeHandshakeCompletedListener(HandshakeCompletedListener)
  425        * @throws IllegalArgumentException if the argument is null.
  426        */
  427       public abstract void addHandshakeCompletedListener(
  428           HandshakeCompletedListener listener);
  429   
  430   
  431       /**
  432        * Removes a previously registered handshake completion listener.
  433        *
  434        * @param listener the HandShake Completed event listener
  435        * @throws IllegalArgumentException if the listener is not registered,
  436        * or the argument is null.
  437        * @see #addHandshakeCompletedListener(HandshakeCompletedListener)
  438        */
  439       public abstract void removeHandshakeCompletedListener(
  440           HandshakeCompletedListener listener);
  441   
  442   
  443       /**
  444        * Starts an SSL handshake on this connection.  Common reasons include
  445        * a need to use new encryption keys, to change cipher suites, or to
  446        * initiate a new session.  To force complete reauthentication, the
  447        * current session could be invalidated before starting this handshake.
  448        *
  449        * <P> If data has already been sent on the connection, it continues
  450        * to flow during this handshake.  When the handshake completes, this
  451        * will be signaled with an event.
  452        *
  453        * This method is synchronous for the initial handshake on a connection
  454        * and returns when the negotiated handshake is complete. Some
  455        * protocols may not support multiple handshakes on an existing socket
  456        * and may throw an IOException.
  457        *
  458        * @throws IOException on a network level error
  459        * @see #addHandshakeCompletedListener(HandshakeCompletedListener)
  460        */
  461       public abstract void startHandshake() throws IOException;
  462   
  463   
  464       /**
  465        * Configures the socket to use client (or server) mode when
  466        * handshaking.
  467        * <P>
  468        * This method must be called before any handshaking occurs.
  469        * Once handshaking has begun, the mode can not be reset for the
  470        * life of this socket.
  471        * <P>
  472        * Servers normally authenticate themselves, and clients
  473        * are not required to do so.
  474        *
  475        * @param mode true if the socket should start its handshaking
  476        *          in "client" mode
  477        * @throws IllegalArgumentException if a mode change is attempted
  478        *          after the initial handshake has begun.
  479        * @see #getUseClientMode()
  480        */
  481       public abstract void setUseClientMode(boolean mode);
  482   
  483   
  484       /**
  485        * Returns true if the socket is set to use client mode when
  486        * handshaking.
  487        *
  488        * @return true if the socket should do handshaking
  489        *          in "client" mode
  490        * @see #setUseClientMode(boolean)
  491        */
  492       public abstract boolean getUseClientMode();
  493   
  494   
  495       /**
  496        * Configures the socket to <i>require</i> client authentication.  This
  497        * option is only useful for sockets in the server mode.
  498        * <P>
  499        * A socket's client authentication setting is one of the following:
  500        * <ul>
  501        * <li> client authentication required
  502        * <li> client authentication requested
  503        * <li> no client authentication desired
  504        * </ul>
  505        * <P>
  506        * Unlike {@link #setWantClientAuth(boolean)}, if this option is set and
  507        * the client chooses not to provide authentication information
  508        * about itself, <i>the negotiations will stop and the connection
  509        * will be dropped</i>.
  510        * <P>
  511        * Calling this method overrides any previous setting made by
  512        * this method or {@link #setWantClientAuth(boolean)}.
  513        *
  514        * @param   need set to true if client authentication is required,
  515        *          or false if no client authentication is desired.
  516        * @see #getNeedClientAuth()
  517        * @see #setWantClientAuth(boolean)
  518        * @see #getWantClientAuth()
  519        * @see #setUseClientMode(boolean)
  520        */
  521       public abstract void setNeedClientAuth(boolean need);
  522   
  523   
  524       /**
  525        * Returns true if the socket will <i>require</i> client authentication.
  526        * This option is only useful to sockets in the server mode.
  527        *
  528        * @return  true if client authentication is required,
  529        *          or false if no client authentication is desired.
  530        * @see #setNeedClientAuth(boolean)
  531        * @see #setWantClientAuth(boolean)
  532        * @see #getWantClientAuth()
  533        * @see #setUseClientMode(boolean)
  534        */
  535       public abstract boolean getNeedClientAuth();
  536   
  537   
  538       /**
  539        * Configures the socket to <i>request</i> client authentication.
  540        * This option is only useful for sockets in the server mode.
  541        * <P>
  542        * A socket's client authentication setting is one of the following:
  543        * <ul>
  544        * <li> client authentication required
  545        * <li> client authentication requested
  546        * <li> no client authentication desired
  547        * </ul>
  548        * <P>
  549        * Unlike {@link #setNeedClientAuth(boolean)}, if this option is set and
  550        * the client chooses not to provide authentication information
  551        * about itself, <i>the negotiations will continue</i>.
  552        * <P>
  553        * Calling this method overrides any previous setting made by
  554        * this method or {@link #setNeedClientAuth(boolean)}.
  555        *
  556        * @param   want set to true if client authentication is requested,
  557        *          or false if no client authentication is desired.
  558        * @see #getWantClientAuth()
  559        * @see #setNeedClientAuth(boolean)
  560        * @see #getNeedClientAuth()
  561        * @see #setUseClientMode(boolean)
  562        */
  563       public abstract void setWantClientAuth(boolean want);
  564   
  565   
  566       /**
  567        * Returns true if the socket will <i>request</i> client authentication.
  568        * This option is only useful for sockets in the server mode.
  569        *
  570        * @return  true if client authentication is requested,
  571        *          or false if no client authentication is desired.
  572        * @see #setNeedClientAuth(boolean)
  573        * @see #getNeedClientAuth()
  574        * @see #setWantClientAuth(boolean)
  575        * @see #setUseClientMode(boolean)
  576        */
  577       public abstract boolean getWantClientAuth();
  578   
  579   
  580       /**
  581        * Controls whether new SSL sessions may be established by this socket.
  582        * If session creations are not allowed, and there are no
  583        * existing sessions to resume, there will be no successful
  584        * handshaking.
  585        *
  586        * @param flag true indicates that sessions may be created; this
  587        *          is the default.  false indicates that an existing session
  588        *          must be resumed
  589        * @see #getEnableSessionCreation()
  590        */
  591       public abstract void setEnableSessionCreation(boolean flag);
  592   
  593   
  594       /**
  595        * Returns true if new SSL sessions may be established by this socket.
  596        *
  597        * @return true indicates that sessions may be created; this
  598        *          is the default.  false indicates that an existing session
  599        *          must be resumed
  600        * @see #setEnableSessionCreation(boolean)
  601        */
  602       public abstract boolean getEnableSessionCreation();
  603   
  604       /**
  605        * Returns the SSLParameters in effect for this SSLSocket.
  606        * The ciphersuites and protocols of the returned SSLParameters
  607        * are always non-null.
  608        *
  609        * @return the SSLParameters in effect for this SSLSocket.
  610        * @since 1.6
  611        */
  612       public SSLParameters getSSLParameters() {
  613           SSLParameters params = new SSLParameters();
  614           params.setCipherSuites(getEnabledCipherSuites());
  615           params.setProtocols(getEnabledProtocols());
  616           if (getNeedClientAuth()) {
  617               params.setNeedClientAuth(true);
  618           } else if (getWantClientAuth()) {
  619               params.setWantClientAuth(true);
  620           }
  621           return params;
  622       }
  623   
  624       /**
  625        * Applies SSLParameters to this socket.
  626        *
  627        * <p>This means:
  628        * <ul>
  629        * <li>if <code>params.getCipherSuites()</code> is non-null,
  630        *   <code>setEnabledCipherSuites()</code> is called with that value
  631        * <li>if <code>params.getProtocols()</code> is non-null,
  632        *   <code>setEnabledProtocols()</code> is called with that value
  633        * <li>if <code>params.getNeedClientAuth()</code> or
  634        *   <code>params.getWantClientAuth()</code> return <code>true</code>,
  635        *   <code>setNeedClientAuth(true)</code> and
  636        *   <code>setWantClientAuth(true)</code> are called, respectively;
  637        *   otherwise <code>setWantClientAuth(false)</code> is called.
  638        * </ul>
  639        *
  640        * @param params the parameters
  641        * @throws IllegalArgumentException if the setEnabledCipherSuites() or
  642        *    the setEnabledProtocols() call fails
  643        * @since 1.6
  644        */
  645       public void setSSLParameters(SSLParameters params) {
  646           String[] s;
  647           s = params.getCipherSuites();
  648           if (s != null) {
  649               setEnabledCipherSuites(s);
  650           }
  651           s = params.getProtocols();
  652           if (s != null) {
  653               setEnabledProtocols(s);
  654           }
  655           if (params.getNeedClientAuth()) {
  656               setNeedClientAuth(true);
  657           } else if (params.getWantClientAuth()) {
  658               setWantClientAuth(true);
  659           } else {
  660               setWantClientAuth(false);
  661           }
  662       }
  663   
  664   }

Home » openjdk-7 » javax » net » ssl » [javadoc | source]