javax.net.ssl
Class SSLEngine

java.lang.Object
  extended by javax.net.ssl.SSLEngine

public abstract class SSLEngine
extends Object

A class for low-level message wrapping and unwrapping of SSL messages.

Since:
1.5

Constructor Summary
protected SSLEngine()
          Creates a new SSLEngine with no peer host name or port number.
protected SSLEngine(String peerHost, int peerPort)
          Creates a new SSLEngine with the specified peer host name and port number.
 
Method Summary
abstract  void beginHandshake()
          Begin, or restart, the SSL handshake.
abstract  void closeInbound()
          Close the inbound state.
abstract  void closeOutbound()
          Close the outbound state.
abstract  Runnable getDelegatedTask()
           
abstract  String[] getEnabledCipherSuites()
          Returns a list of SSL cipher suite names this SSLEngine is configured to use.
abstract  String[] getEnabledProtocols()
          Returns a list of SSL protocol version names this SSLEngine is configured to use.
abstract  boolean getEnableSessionCreation()
          Tells if sessions will be created by this engine, and therefore may be resumed at a later time.
abstract  SSLEngineResult.HandshakeStatus getHandshakeStatus()
          Return the current handshake status.
abstract  boolean getNeedClientAuth()
          Tells if this SSLEngine is configured to require client authentication when in server mode.
 String getPeerHost()
          Returns the peer host name this SSL session is connected to, or null if this value was not set.
 int getPeerPort()
          Returns the peer IP port number this SSL session in communicating on, or -1 if this value was not set.
abstract  SSLSession getSession()
          Return the SSLSession object this connection represents.
abstract  String[] getSupportedCipherSuites()
          Returns a list of SSL cipher suite names this SSLEngine implementation supports.
abstract  String[] getSupportedProtocols()
          Returns a list of SSL protocol version names this SSLEngine implementation supports.
abstract  boolean getUseClientMode()
          Tells if this SSLEngine is a "client" session.
abstract  boolean getWantClientAuth()
          Tells if client authentication is requested, but not required, for sessions in server mode.
abstract  boolean isInboundDone()
          Tells if the incoming data stream is finished, and thus if no more data will be available to be unwrapped.
abstract  boolean isOutboundDone()
          Tells if the outgoing data stream is finished, and thus if no more data may be wrapped.
abstract  void setEnabledCipherSuites(String[] suites)
          Sets the list of enabled cipher suites.
abstract  void setEnabledProtocols(String[] protocols)
          Sets the list of enabled protocol versions.
abstract  void setEnableSessionCreation(boolean create)
          Enables or disables session creation.
abstract  void setNeedClientAuth(boolean needAuth)
          Enables or disables required client authentication.
abstract  void setUseClientMode(boolean clientMode)
          Enables client or server mode.
abstract  void setWantClientAuth(boolean wantAuth)
          Enables or disables requested client authentication.
 SSLEngineResult unwrap(ByteBuffer source, ByteBuffer sink)
          Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffer.
 SSLEngineResult unwrap(ByteBuffer source, ByteBuffer[] sinks)
          Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffers.
abstract  SSLEngineResult unwrap(ByteBuffer source, ByteBuffer[] sinks, int offset, int length)
          Unwraps a byte buffer received from the network, storing the decrypted, unwrapped bytes into the given buffers.
 SSLEngineResult wrap(ByteBuffer[] sources, ByteBuffer sink)
          Wraps byte buffers into an SSL message, for preparation to send them over the network.
abstract  SSLEngineResult wrap(ByteBuffer[] sources, int offset, int length, ByteBuffer sink)
          Wraps byte buffers into an SSL message, for preparation to send them over the network.
 SSLEngineResult wrap(ByteBuffer source, ByteBuffer sink)
          Wraps a byte buffer into an SSL message, for preparation to send it over the network.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSLEngine

protected SSLEngine()
Creates a new SSLEngine with no peer host name or port number.


SSLEngine

protected SSLEngine(String peerHost,
                    int peerPort)
Creates a new SSLEngine with the specified peer host name and port number.

Parameters:
peerHost - The peer's host name.
peerPort - The peer's port number.
Method Detail

beginHandshake

public abstract void beginHandshake()
                             throws SSLException
Begin, or restart, the SSL handshake.

Throws:
SSLException

closeInbound

public abstract void closeInbound()
                           throws SSLException
Close the inbound state.

Throws:
SSLException

closeOutbound

public abstract void closeOutbound()
Close the outbound state.


getDelegatedTask

public abstract Runnable getDelegatedTask()

getPeerHost

public String getPeerHost()
Returns the peer host name this SSL session is connected to, or null if this value was not set.

Returns:
The peer host's name.

getPeerPort

public int getPeerPort()
Returns the peer IP port number this SSL session in communicating on, or -1 if this value was not set.

Returns:
The peer's port number.

getEnabledCipherSuites

public abstract String[] getEnabledCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine is configured to use.

Returns:
The list of enabled cipher suite names.

getEnabledProtocols

public abstract String[] getEnabledProtocols()
Returns a list of SSL protocol version names this SSLEngine is configured to use.

Returns:
The list of enabled protocol names.

getEnableSessionCreation

public abstract boolean getEnableSessionCreation()
Tells if sessions will be created by this engine, and therefore may be resumed at a later time.

Returns:
True if sessions will be created.

getHandshakeStatus

public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus()
Return the current handshake status.

Returns:
The current handshake status.

getNeedClientAuth

public abstract boolean getNeedClientAuth()
Tells if this SSLEngine is configured to require client authentication when in server mode.

Returns:
True iff client authentication is required.

getSession

public abstract SSLSession getSession()
Return the SSLSession object this connection represents.

Returns:
The SSL session.

getSupportedCipherSuites

public abstract String[] getSupportedCipherSuites()
Returns a list of SSL cipher suite names this SSLEngine implementation supports.

Returns:
The list of cipher suite names supported by this implementation.

getSupportedProtocols

public abstract String[] getSupportedProtocols()
Returns a list of SSL protocol version names this SSLEngine implementation supports. SSL protocol names include things like "SSLv3" or "TLSv1".

Returns:
The list of SSL protocol names

getUseClientMode

public abstract boolean getUseClientMode()
Tells if this SSLEngine is a "client" session.

Returns:
True iff this session is configured for client mode.

getWantClientAuth

public abstract boolean getWantClientAuth()
Tells if client authentication is requested, but not required, for sessions in server mode. If true, a server session will request an authentication message from connecting clients, but will still allow clients to connect if they cannot be authenticated.

Returns:
True iff client authentication is requested.

isInboundDone

public abstract boolean isInboundDone()
Tells if the incoming data stream is finished, and thus if no more data will be available to be unwrapped.

Returns:
True if no more data is to be unwrapped.

isOutboundDone

public abstract boolean isOutboundDone()
Tells if the outgoing data stream is finished, and thus if no more data may be wrapped.

Returns:
True if no more data may be wrapped.

setEnabledCipherSuites

public abstract void setEnabledCipherSuites(String[] suites)
Sets the list of enabled cipher suites. The argument is an array of strings of the canonical suite names.

Parameters:
suites - The cipher suites to enable.
Throws:
IllegalArgumentException - If any of the specified suite strings is not supported by this implementation, or if the argument is null.

setEnabledProtocols

public abstract void setEnabledProtocols(String[] protocols)
Sets the list of enabled protocol versions. The argument is an array of strings of the canonical protocol version names, such as "TLSv1".

Parameters:
protocols - The protocol versions to enable.
Throws:
IllegalArgumentException - If any of the specified protocols are not supported, or if the argument is null.

setEnableSessionCreation

public abstract void setEnableSessionCreation(boolean create)
Enables or disables session creation. If enabled, each connection will create session that may be resumed by another connection.

Parameters:
create - Whether or not to enable session creation.

setUseClientMode

public abstract void setUseClientMode(boolean clientMode)
Enables client or server mode. If the argument is true, this engine will run in client mode; if false, server mode.

Parameters:
clientMode - Whether or not to use client mode.

setNeedClientAuth

public abstract void setNeedClientAuth(boolean needAuth)
Enables or disables required client authentication. If enabled, clients may only connect if they provide proper identification.

This parameter is only used in server mode.

Parameters:
needAuth - Whether or not client authentication is required.

setWantClientAuth

public abstract void setWantClientAuth(boolean wantAuth)
Enables or disables requested client authentication. If enabled, clients will be asked to provide proper identification, but will still be allowed to connect if they do not provide it.

This parameter is only used in server mode.

Parameters:
wantAuth - Whether or not client authentication will be requested, but not required.

unwrap

public SSLEngineResult unwrap(ByteBuffer source,
                              ByteBuffer sink)
                       throws SSLException
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffer.

This call is exactly equivalent to unwrap (source, new ByteBuffer[] { sink }, 0, 1).

Parameters:
source - The source bytes, coming from the network.
sink - The buffer to hold the unwrapped message.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If 'sink' is not writable.
IllegalArgumentException - If either 'source' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

unwrap

public SSLEngineResult unwrap(ByteBuffer source,
                              ByteBuffer[] sinks)
                       throws SSLException
Unwraps a byte buffer recieved from the network, storing the decrypted, unwrapped bytes into the given buffers.

This call is exactly equivalent to unwrap (source, sinks, 0, sinks.length).

Parameters:
source - The source bytes, coming from the network.
sinks - The buffers to hold the unwrapped message.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If any buffer in 'sinks' is not writable.
IllegalArgumentException - If either 'source' or 'sinks' is null.
IllegalStateException - If this engine has not been put into client or server mode.

unwrap

public abstract SSLEngineResult unwrap(ByteBuffer source,
                                       ByteBuffer[] sinks,
                                       int offset,
                                       int length)
                                throws SSLException
Unwraps a byte buffer received from the network, storing the decrypted, unwrapped bytes into the given buffers. After unwrapping, the bytes placed into the sink buffers are ready for consumption by the application.

This method may place no bytes in the destination buffer; for example, if this engine is still performing the SSL handshake, only handshake data will be consumed, and no application data.

It is stated that this method may modify the source buffer, and that it must not be passed to another SSLEngine (SSL connections are independent, so another SSLEngine will not have the parameters or state to handle messages meant for this engine).

Parameters:
source - The source bytes, coming from the network.
sinks - The buffers to hold the unwrapped message.
offset - The index of the first buffer in 'sinks' to use.
length - The number of buffers in 'sinks' to use.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL message parsing error occurs.
ReadOnlyBufferException - If any buffer in 'sinks' is not writable.
IllegalArgumentException - If either 'source' or 'sinks' is null.
IllegalStateException - If this engine has not been put into client or server mode.
IndexOutOfBoundsException - If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sinks.length'.

wrap

public SSLEngineResult wrap(ByteBuffer source,
                            ByteBuffer sink)
                     throws SSLException
Wraps a byte buffer into an SSL message, for preparation to send it over the network.

This method is exactly equivalent to wrap (new ByteBuffer[] { source }, 0, 1, sink).

Parameters:
source - The source buffer with application data.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'source' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

wrap

public SSLEngineResult wrap(ByteBuffer[] sources,
                            ByteBuffer sink)
                     throws SSLException
Wraps byte buffers into an SSL message, for preparation to send them over the network.

This method is exactly equivalent to wrap (sources, 0, 1, sink).

Parameters:
sources - The source buffers with application data.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'sources' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.

wrap

public abstract SSLEngineResult wrap(ByteBuffer[] sources,
                                     int offset,
                                     int length,
                                     ByteBuffer sink)
                              throws SSLException
Wraps byte buffers into an SSL message, for preparation to send them over the network. After wrapping, the data in the sink buffer is ready to be sent over the transport layer.

This method may consume no data from the source buffers, and yet still produce output that should be sent accross the wire; for example if this engine has not yet completed the SSL handshake, the sink buffer will be filled with handshake messages.

Parameters:
sources - The source buffers with application data.
offset - The offset into the source buffers to start reading application data.
length - The number of buffers to read from 'sources'.
sink - The buffer to hold the wrapped data.
Returns:
An engine result object for the operation.
Throws:
SSLException - If an SSL error occurs.
ReadOnlyBufferException - If 'sink' is read-only.
IllegalArgumentException - If either 'sources' or 'sink' is null.
IllegalStateException - If this engine has not been put into client or server mode.
IndexOutOfBoundsException - If 'offset' or 'length' is negative, or if 'length+offset' is greater than 'sources.length'.