Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/javax/net/ssl/SSLContext.java
38918 views
/*1* Copyright (c) 1999, 2012, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package javax.net.ssl;2627import java.security.*;2829import sun.security.jca.GetInstance;3031/**32* Instances of this class represent a secure socket protocol33* implementation which acts as a factory for secure socket34* factories or <code>SSLEngine</code>s. This class is initialized35* with an optional set of key and trust managers and source of36* secure random bytes.37*38* <p> Every implementation of the Java platform is required to support the39* following standard <code>SSLContext</code> protocol:40* <ul>41* <li><tt>TLSv1</tt></li>42* </ul>43* This protocol is described in the <a href=44* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">45* SSLContext section</a> of the46* Java Cryptography Architecture Standard Algorithm Name Documentation.47* Consult the release documentation for your implementation to see if any48* other algorithms are supported.49*50* @since 1.451*/52public class SSLContext {53private final Provider provider;5455private final SSLContextSpi contextSpi;5657private final String protocol;5859/**60* Creates an SSLContext object.61*62* @param contextSpi the delegate63* @param provider the provider64* @param protocol the protocol65*/66protected SSLContext(SSLContextSpi contextSpi, Provider provider,67String protocol) {68this.contextSpi = contextSpi;69this.provider = provider;70this.protocol = protocol;71}7273private static SSLContext defaultContext;7475/**76* Returns the default SSL context.77*78* <p>If a default context was set using the {@link #setDefault79* SSLContext.setDefault()} method, it is returned. Otherwise, the first80* call of this method triggers the call81* <code>SSLContext.getInstance("Default")</code>.82* If successful, that object is made the default SSL context and returned.83*84* <p>The default context is immediately85* usable and does not require {@linkplain #init initialization}.86*87* @return the default SSL context88* @throws NoSuchAlgorithmException if the89* {@link SSLContext#getInstance SSLContext.getInstance()} call fails90* @since 1.691*/92public static synchronized SSLContext getDefault()93throws NoSuchAlgorithmException {94if (defaultContext == null) {95defaultContext = SSLContext.getInstance("Default");96}97return defaultContext;98}99100/**101* Sets the default SSL context. It will be returned by subsequent calls102* to {@link #getDefault}. The default context must be immediately usable103* and not require {@linkplain #init initialization}.104*105* @param context the SSLContext106* @throws NullPointerException if context is null107* @throws SecurityException if a security manager exists and its108* <code>checkPermission</code> method does not allow109* <code>SSLPermission("setDefaultSSLContext")</code>110* @since 1.6111*/112public static synchronized void setDefault(SSLContext context) {113if (context == null) {114throw new NullPointerException();115}116SecurityManager sm = System.getSecurityManager();117if (sm != null) {118sm.checkPermission(new SSLPermission("setDefaultSSLContext"));119}120defaultContext = context;121}122123/**124* Returns a <code>SSLContext</code> object that implements the125* specified secure socket protocol.126*127* <p> This method traverses the list of registered security Providers,128* starting with the most preferred Provider.129* A new SSLContext object encapsulating the130* SSLContextSpi implementation from the first131* Provider that supports the specified protocol is returned.132*133* <p> Note that the list of registered providers may be retrieved via134* the {@link Security#getProviders() Security.getProviders()} method.135*136* @param protocol the standard name of the requested protocol.137* See the SSLContext section in the <a href=138* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">139* Java Cryptography Architecture Standard Algorithm Name140* Documentation</a>141* for information about standard protocol names.142*143* @return the new <code>SSLContext</code> object.144*145* @exception NoSuchAlgorithmException if no Provider supports a146* SSLContextSpi implementation for the147* specified protocol.148* @exception NullPointerException if protocol is null.149*150* @see java.security.Provider151*/152public static SSLContext getInstance(String protocol)153throws NoSuchAlgorithmException {154GetInstance.Instance instance = GetInstance.getInstance155("SSLContext", SSLContextSpi.class, protocol);156return new SSLContext((SSLContextSpi)instance.impl, instance.provider,157protocol);158}159160/**161* Returns a <code>SSLContext</code> object that implements the162* specified secure socket protocol.163*164* <p> A new SSLContext object encapsulating the165* SSLContextSpi implementation from the specified provider166* is returned. The specified provider must be registered167* in the security provider list.168*169* <p> Note that the list of registered providers may be retrieved via170* the {@link Security#getProviders() Security.getProviders()} method.171*172* @param protocol the standard name of the requested protocol.173* See the SSLContext section in the <a href=174* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">175* Java Cryptography Architecture Standard Algorithm Name176* Documentation</a>177* for information about standard protocol names.178*179* @param provider the name of the provider.180*181* @return the new <code>SSLContext</code> object.182*183* @throws NoSuchAlgorithmException if a SSLContextSpi184* implementation for the specified protocol is not185* available from the specified provider.186*187* @throws NoSuchProviderException if the specified provider is not188* registered in the security provider list.189*190* @throws IllegalArgumentException if the provider name is null or empty.191* @throws NullPointerException if protocol is null.192*193* @see java.security.Provider194*/195public static SSLContext getInstance(String protocol, String provider)196throws NoSuchAlgorithmException, NoSuchProviderException {197GetInstance.Instance instance = GetInstance.getInstance198("SSLContext", SSLContextSpi.class, protocol, provider);199return new SSLContext((SSLContextSpi)instance.impl, instance.provider,200protocol);201}202203/**204* Returns a <code>SSLContext</code> object that implements the205* specified secure socket protocol.206*207* <p> A new SSLContext object encapsulating the208* SSLContextSpi implementation from the specified Provider209* object is returned. Note that the specified Provider object210* does not have to be registered in the provider list.211*212* @param protocol the standard name of the requested protocol.213* See the SSLContext section in the <a href=214* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">215* Java Cryptography Architecture Standard Algorithm Name216* Documentation</a>217* for information about standard protocol names.218*219* @param provider an instance of the provider.220*221* @return the new <code>SSLContext</code> object.222*223* @throws NoSuchAlgorithmException if a SSLContextSpi224* implementation for the specified protocol is not available225* from the specified Provider object.226*227* @throws IllegalArgumentException if the provider is null.228* @throws NullPointerException if protocol is null.229*230* @see java.security.Provider231*/232public static SSLContext getInstance(String protocol, Provider provider)233throws NoSuchAlgorithmException {234GetInstance.Instance instance = GetInstance.getInstance235("SSLContext", SSLContextSpi.class, protocol, provider);236return new SSLContext((SSLContextSpi)instance.impl, instance.provider,237protocol);238}239240/**241* Returns the protocol name of this <code>SSLContext</code> object.242*243* <p>This is the same name that was specified in one of the244* <code>getInstance</code> calls that created this245* <code>SSLContext</code> object.246*247* @return the protocol name of this <code>SSLContext</code> object.248*/249public final String getProtocol() {250return this.protocol;251}252253/**254* Returns the provider of this <code>SSLContext</code> object.255*256* @return the provider of this <code>SSLContext</code> object257*/258public final Provider getProvider() {259return this.provider;260}261262/**263* Initializes this context. Either of the first two parameters264* may be null in which case the installed security providers will265* be searched for the highest priority implementation of the266* appropriate factory. Likewise, the secure random parameter may267* be null in which case the default implementation will be used.268* <P>269* Only the first instance of a particular key and/or trust manager270* implementation type in the array is used. (For example, only271* the first javax.net.ssl.X509KeyManager in the array will be used.)272*273* @param km the sources of authentication keys or null274* @param tm the sources of peer authentication trust decisions or null275* @param random the source of randomness for this generator or null276* @throws KeyManagementException if this operation fails277*/278public final void init(KeyManager[] km, TrustManager[] tm,279SecureRandom random)280throws KeyManagementException {281contextSpi.engineInit(km, tm, random);282}283284/**285* Returns a <code>SocketFactory</code> object for this286* context.287*288* @return the <code>SocketFactory</code> object289* @throws IllegalStateException if the SSLContextImpl requires290* initialization and the <code>init()</code> has not been called291*/292public final SSLSocketFactory getSocketFactory() {293return contextSpi.engineGetSocketFactory();294}295296/**297* Returns a <code>ServerSocketFactory</code> object for298* this context.299*300* @return the <code>ServerSocketFactory</code> object301* @throws IllegalStateException if the SSLContextImpl requires302* initialization and the <code>init()</code> has not been called303*/304public final SSLServerSocketFactory getServerSocketFactory() {305return contextSpi.engineGetServerSocketFactory();306}307308/**309* Creates a new <code>SSLEngine</code> using this context.310* <P>311* Applications using this factory method are providing no hints312* for an internal session reuse strategy. If hints are desired,313* {@link #createSSLEngine(String, int)} should be used314* instead.315* <P>316* Some cipher suites (such as Kerberos) require remote hostname317* information, in which case this factory method should not be used.318*319* @return the <code>SSLEngine</code> object320* @throws UnsupportedOperationException if the underlying provider321* does not implement the operation.322* @throws IllegalStateException if the SSLContextImpl requires323* initialization and the <code>init()</code> has not been called324* @since 1.5325*/326public final SSLEngine createSSLEngine() {327try {328return contextSpi.engineCreateSSLEngine();329} catch (AbstractMethodError e) {330UnsupportedOperationException unsup =331new UnsupportedOperationException(332"Provider: " + getProvider() +333" doesn't support this operation");334unsup.initCause(e);335throw unsup;336}337}338339/**340* Creates a new <code>SSLEngine</code> using this context using341* advisory peer information.342* <P>343* Applications using this factory method are providing hints344* for an internal session reuse strategy.345* <P>346* Some cipher suites (such as Kerberos) require remote hostname347* information, in which case peerHost needs to be specified.348*349* @param peerHost the non-authoritative name of the host350* @param peerPort the non-authoritative port351* @return the new <code>SSLEngine</code> object352* @throws UnsupportedOperationException if the underlying provider353* does not implement the operation.354* @throws IllegalStateException if the SSLContextImpl requires355* initialization and the <code>init()</code> has not been called356* @since 1.5357*/358public final SSLEngine createSSLEngine(String peerHost, int peerPort) {359try {360return contextSpi.engineCreateSSLEngine(peerHost, peerPort);361} catch (AbstractMethodError e) {362UnsupportedOperationException unsup =363new UnsupportedOperationException(364"Provider: " + getProvider() +365" does not support this operation");366unsup.initCause(e);367throw unsup;368}369}370371/**372* Returns the server session context, which represents the set of373* SSL sessions available for use during the handshake phase of374* server-side SSL sockets.375* <P>376* This context may be unavailable in some environments, in which377* case this method returns null. For example, when the underlying378* SSL provider does not provide an implementation of SSLSessionContext379* interface, this method returns null. A non-null session context380* is returned otherwise.381*382* @return server session context bound to this SSL context383*/384public final SSLSessionContext getServerSessionContext() {385return contextSpi.engineGetServerSessionContext();386}387388/**389* Returns the client session context, which represents the set of390* SSL sessions available for use during the handshake phase of391* client-side SSL sockets.392* <P>393* This context may be unavailable in some environments, in which394* case this method returns null. For example, when the underlying395* SSL provider does not provide an implementation of SSLSessionContext396* interface, this method returns null. A non-null session context397* is returned otherwise.398*399* @return client session context bound to this SSL context400*/401public final SSLSessionContext getClientSessionContext() {402return contextSpi.engineGetClientSessionContext();403}404405/**406* Returns a copy of the SSLParameters indicating the default407* settings for this SSL context.408*409* <p>The parameters will always have the ciphersuites and protocols410* arrays set to non-null values.411*412* @return a copy of the SSLParameters object with the default settings413* @throws UnsupportedOperationException if the default SSL parameters414* could not be obtained.415* @since 1.6416*/417public final SSLParameters getDefaultSSLParameters() {418return contextSpi.engineGetDefaultSSLParameters();419}420421/**422* Returns a copy of the SSLParameters indicating the supported423* settings for this SSL context.424*425* <p>The parameters will always have the ciphersuites and protocols426* arrays set to non-null values.427*428* @return a copy of the SSLParameters object with the supported429* settings430* @throws UnsupportedOperationException if the supported SSL parameters431* could not be obtained.432* @since 1.6433*/434public final SSLParameters getSupportedSSLParameters() {435return contextSpi.engineGetSupportedSSLParameters();436}437438}439440441