From ge...@apache.org
Subject svn commit: r423275 [1/7] - in /incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org: ./ apache/ apache/harmony/ apache/harmony/security/ apache/harmony/security/provider/ apache/harmony/security/provider/jsse/
Date Tue, 18 Jul 2006 22:50:14 GMT
Author: geirm
Date: Tue Jul 18 15:50:12 2006
New Revision: 423275

URL: http://svn.apache.org/viewvc?rev=423275&view=rev
Log:
initial commit of contributed code from HARMONY-536,
JSSE Provider Contribution

Package name will be changed



Added:
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertException.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertProtocol.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Appendable.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateMessage.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateRequest.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateVerify.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CipherSuite.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ClientHandshakeImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ClientHello.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ClientKeyExchange.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ConnectionState.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ConnectionStateSSLv3.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ConnectionStateTLS.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ContentType.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/DHParameters.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/DataStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/DelegatedTask.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/DigitalSignature.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/EndOfBufferException.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/EndOfSourceException.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Finished.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Handshake.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/HandshakeIODataStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/HandshakeProtocol.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/HelloRequest.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/JSSEProvider.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/KeyManagerFactoryImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/KeyManagerImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Logger.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Message.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/PRF.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ProtocolVersion.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLBufferedInput.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLContextImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLEngineAppData.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLEngineDataStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLEngineImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLInputStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLParameters.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLRecordProtocol.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLServerSocketFactoryImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLServerSocketImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSessionContextImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSessionImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSocketFactoryImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSocketImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSocketInputStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSocketOutputStream.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLSocketWrapper.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLStreamedInput.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/SSLv3Constants.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ServerHandshakeImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ServerHello.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ServerHelloDone.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/ServerKeyExchange.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/TrustManagerFactoryImpl.java
    incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/TrustManagerImpl.java

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertException.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertException.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertException.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertException.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,69 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Alexander Y. Kleymenov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+import javax.net.ssl.SSLException;
+
+/**
+ * This exception is used to signalize the fatal alert
+ * occured during the work of protocol.
+ */
+public class AlertException extends RuntimeException {
+
+    // SSLException to be thrown to application side
+    private final SSLException reason;
+    // alert description code
+    private final byte description;
+
+    /**
+     * Constructs the instance.
+     * @param   description:    The alert description code.
+     * @see AlertProtocol
+     * @param   reason:  The SSLException to be thrown to application
+     * side after alert processing (sending the record with alert,
+     * shoutdown work, etc).
+     */
+    protected AlertException(byte description, SSLException reason) {
+        super(reason);
+        this.reason = reason;
+        this.description = description;
+    }
+
+    /**
+     * Returns the reason of alert. This reason should be rethrown
+     * after alert protcessin.
+     * @return the reason of alert.
+     */
+    protected SSLException getReason() {
+        return reason;
+    }
+
+    /**
+     * Returns alert's description code.
+     * @return byte value describing the occured alert.
+     * @see AlertProtocol for more information about possible
+     * reason codes.
+     */
+    protected byte getDescriptionCode() {
+        return description;
+    }
+}
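Review bot: The constructor accepts a null `reason` without complaint, yet the Javadoc on `getReason()` says this value is rethrown after alert processing, and a `throw` of null surfaces as a bare NullPointerException that hides the alert. A guard right after `super(reason)`, such as `if (reason == null) throw new NullPointerException("reason");`, would fail where the mistake is made. In the constructor Javadoc the tags are written as `@param description:` and `@param reason:`; the trailing colons become part of the parameter name, so they should be dropped and the `@see AlertProtocol` moved below both `@param` tags.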

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertProtocol.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertProtocol.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertProtocol.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/AlertProtocol.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,288 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Alexander Y. Kleymenov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+/**
+ * This class encapsulates the functionality of Alert Protocol.
+ * Constant values are taken according to the TLS v1 specification
+ * (http://www.ietf.org/rfc/rfc2246.txt), p 7.2.
+ */
+public class AlertProtocol {
+
+    // ------------------------ AlertLevel codes --------------------------
+    /**
+     * Defines the severity of alert as warning
+     */
+    protected static final byte WARNING = 1;
+    /**
+     * Defines the severity of alert as fatal
+     */
+    protected static final byte FATAL = 2;
+    
+    // --------------------- AlertDescription codes -----------------------
+    /**
+     * Defines the description code of the close_notify alert
+     */
+    protected static final byte CLOSE_NOTIFY = 0;
+    /**
+     * Defines the description code of the unexpected_message alert
+     */
+    protected static final byte UNEXPECTED_MESSAGE = 10;
+    /**
+     * Defines the description code of the bad_record_mac alert
+     */
+    protected static final byte BAD_RECORD_MAC = 20;
+    /**
+     * Defines the description code of the decryption_failed alert
+     */
+    protected static final byte DECRYPTION_FAILED = 21;
+    /**
+     * Defines the description code of the record_overflow alert
+     */
+    protected static final byte RECORD_OVERFLOW = 22;
+    /**
+     * Defines the description code of the decompression_failure alert
+     */
+    protected static final byte DECOMPRESSION_FAILURE = 30;
+    /**
+     * Defines the description code of the handshake_failure alert
+     */
+    protected static final byte HANDSHAKE_FAILURE = 40;
+    /**
+     * Defines the description code of the bad_certificate alert
+     */
+    protected static final byte BAD_CERTIFICATE = 42;
+    /**
+     * Defines the description code of the unsupported_certificate alert
+     */
+    protected static final byte UNSUPPORTED_CERTIFICATE = 43;
+    /**
+     * Defines the description code of the certificate_revoked alert
+     */
+    protected static final byte CERTIFICATE_REVOKED = 44;
+    /**
+     * Defines the description code of the certificate_expired alert
+     */
+    protected static final byte CERTIFICATE_EXPIRED = 45;
+    /**
+     * Defines the description code of the certificate_unknown alert
+     */
+    protected static final byte CERTIFICATE_UNKNOWN = 46;
+    /**
+     * Defines the description code of the illegal_parameter alert
+     */
+    protected static final byte ILLEGAL_PARAMETER = 47;
+    /**
+     * Defines the description code of the unknown_ca alert
+     */
+    protected static final byte UNKNOWN_CA = 48;
+    /**
+     * Defines the description code of the access_denied alert
+     */
+    protected static final byte ACCESS_DENIED = 49;
+    /**
+     * Defines the description code of the decode_error alert
+     */
+    protected static final byte DECODE_ERROR = 50;
+    /**
+     * Defines the description code of the decrypt_error alert
+     */
+    protected static final byte DECRYPT_ERROR = 51;
+    /**
+     * Defines the description code of the export_restriction alert
+     */
+    protected static final byte EXPORT_RESTRICTION = 60;
+    /**
+     * Defines the description code of the protocol_version alert
+     */
+    protected static final byte PROTOCOL_VERSION = 70;
+    /**
+     * Defines the description code of the insufficient_security alert
+     */
+    protected static final byte INSUFFICIENT_SECURITY = 71;
+    /**
+     * Defines the description code of the internal_error alert
+     */
+    protected static final byte INTERNAL_ERROR = 80;
+    /**
+     * Defines the description code of the user_canceled alert
+     */
+    protected static final byte USER_CANCELED = 90;
+    /**
+     * Defines the description code of the no_renegotiation alert
+     */
+    protected static final byte NO_RENEGOTIATION = 100;
+
+
+    // holds level and description codes
+    private final byte[] alert = new byte[2];
+    // record protocol to be used to wrap the alerts
+    private SSLRecordProtocol recordProtocol;
+
+    private Logger.Stream logger = Logger.getStream("alert");
+
+    /**
+     * Creates the instance of AlertProtocol.
+     * Note that class is not ready to work without providing of
+     * record protocol
+     * @see setRecordProtocol
+     */
+    protected AlertProtocol() {}
+
+    /**
+     * Sets up the record protocol to be used by this allert protocol.
+     */
+    protected void setRecordProtocol(SSLRecordProtocol recordProtocol) {        
+        this.recordProtocol = recordProtocol;
+    }
+
+    /**
+     * Reports an alert to be sent/received by transport.
+     * This method is usually called during processing
+     * of the income TSL record: if it contains alert message from another
+     * peer, or if warning alert occured during the processing of the
+     * message and this warning should be sent to another peer.
+     * @param   level:  alert level code
+     * @param   description: alert description code
+     * @return
+     */
+    protected void alert(byte level, byte description) {
+        if (logger != null) {
+            logger.println("Alert.alert: "+level+" "+description);
+        }
+        this.alert[0] = level;
+        this.alert[1] = description;
+    }
+
+    /**
+     * Returns the description code of alert or -100 if there
+     * is no alert.
+     */
+    protected byte getDescriptionCode() {
+        return (alert[0] != 0) ? alert[1] : -100;
+    }
+
+    /**
+     * Resets the protocol to be in "no alert" state.
+     * This method shoud be called after processing of the reported alert.
+     */
+    protected void setProcessed() {
+        // free the info about alert
+        if (logger != null) {
+            logger.println("Alert.setProcessed");
+        }
+        this.alert[0] = 0;
+    }
+
+    /**
+     * Checks if any alert has occured.
+     */
+    protected boolean hasAlert() {
+        return (alert[0] != 0);
+    }
+
+    /**
+     * Checks if occured alert is fatal alert.
+     */
+    protected boolean isFatalAlert() {
+        return (alert[0] == 2);
+    }
+
+    /**
+     * Returns the string representation of occured alert.
+     * If no alert has occured null is returned.
+     */
+    protected String getAlertDescription() {
+        switch (alert[1]) {
+        case CLOSE_NOTIFY:
+            return "close_notify";
+        case UNEXPECTED_MESSAGE:
+            return "unexpected_message";
+        case BAD_RECORD_MAC:
+            return "bad_record_mac";
+        case DECRYPTION_FAILED:
+            return "decryption_failed";
+        case RECORD_OVERFLOW:
+            return "record_overflow";
+        case DECOMPRESSION_FAILURE:
+            return "decompression_failure";
+        case HANDSHAKE_FAILURE:
+            return "handshake_failure";
+        case BAD_CERTIFICATE:
+            return "bad_certificate";
+        case UNSUPPORTED_CERTIFICATE:
+            return "unsupported_certificate";
+        case CERTIFICATE_REVOKED:
+            return "certificate_revoked";
+        case CERTIFICATE_EXPIRED:
+            return "certificate_expired";
+        case CERTIFICATE_UNKNOWN:
+            return "certificate_unknown";
+        case ILLEGAL_PARAMETER:
+            return "illegal_parameter";
+        case UNKNOWN_CA:
+            return "unknown_ca";
+        case ACCESS_DENIED:
+            return "access_denied";
+        case DECODE_ERROR:
+            return "decode_error";
+        case DECRYPT_ERROR:
+            return "decrypt_error";
+        case EXPORT_RESTRICTION:
+            return "export_restriction";
+        case PROTOCOL_VERSION:
+            return "protocol_version";
+        case INSUFFICIENT_SECURITY:
+            return "insufficient_security";
+        case INTERNAL_ERROR:
+            return "internal_error";
+        case USER_CANCELED:
+            return "user_canceled";
+        case NO_RENEGOTIATION:
+            return "no_renegotiation";
+        }
+        return null;
+    }
+
+    /**
+     * Returns the record with reported alert message.
+     * The returned array of bytes is ready to be sent to another peer.
+     * Note, that this method does not automatically set the state of allert
+     * protocol in "no alert" state, so after wrapping the method setProcessed
+     * should be called.
+     */
+    protected byte[] wrap() {
+        byte[] res = recordProtocol.wrap(ContentType.ALERT, alert, 0, 2);
+        return res;
+    }
+    
+    /**
+     * Shutdownes the protocol. It will be impossiblke to use the instance
+     * after the calling of this method.
+     */
+    protected void shutdown() {
+        alert[0] = 0;
+        alert[1] = 0;
+        recordProtocol = null;
+    }
+}
+
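Review bot: `getAlertDescription()` documents a null return when no alert has occurred, but it switches on `alert[1]` without looking at `alert[0]`. A fresh instance therefore reports "close_notify" (`alert[1]` is 0, which equals `CLOSE_NOTIFY`), and after `setProcessed()`, which clears only `alert[0]`, it keeps returning the previous alert's name. Starting the method with `if (alert[0] == 0) return null;` would match the documented contract, and `isFatalAlert()` would read better as `alert[0] == FATAL` than with the literal `2`. Separately, `wrap()` dereferences `recordProtocol`, which is null before `setRecordProtocol()` and after `shutdown()`; an explicit state check there would turn a bare NullPointerException into a clear error.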

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Appendable.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Appendable.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Appendable.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/Appendable.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,37 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Alexander Y. Kleymenov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+/**
+ * This interface represents the ability of the input stream related
+ * classes to provide additianal data to be read.
+ */
+public interface Appendable {
+
+    /**
+     * Provides the additional data to be read.
+     * @param   src:  the source data to be appended.
+     */
+    public void append(byte[] src);
+
+}
+
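Review bot: The interface name `Appendable` duplicates `java.lang.Appendable`, and inside this package the simple name resolves to this type, so any class here that needs the standard interface has to fully qualify it. A name tied to its purpose (feeding more input to a stream) would avoid the clash. The Javadoc on `append(byte[] src)` should also say whether an implementation copies `src` or keeps a reference to it, since callers that reuse the array need to know which.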

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateMessage.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateMessage.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateMessage.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateMessage.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,173 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Boris Kuznetsov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+import java.io.IOException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Vector;
+
+/**
+ * 
+ * Represents server/client certificate message
+ * @see TLS 1.0 spec., 7.4.2. Server certificate; 7.4.6. Client certificate
+ * (http://www.ietf.org/rfc/rfc2246.txt)
+ * 
+ */
+public class CertificateMessage extends Message {
+
+    /**
+     * Certificates
+     */
+    X509Certificate[] certs;
+
+    /**
+     * Certificates in encoded form
+     */
+    byte[][] encoded_certs;
+
+    /**
+     * Creates inbound message
+     * 
+     * @param in
+     * @param length
+     * @throws IOException
+     */
+    public CertificateMessage(HandshakeIODataStream in, int length)
+            throws IOException {
+        int l = in.readUint24(); // total_length
+        if (l == 0) {  // message contais no certificates
+            if (length != 3) { // no more bytes after total_length
+                fatalAlert(AlertProtocol.DECODE_ERROR,
+                        "DECODE ERROR: incorrect CertificateMessage");
+            }
+            certs = new X509Certificate[0];
+            encoded_certs = new byte[0][0];
+            this.length = 3;
+            return;
+        }
+        CertificateFactory cf;
+        try {
+            cf = CertificateFactory.getInstance("X509");
+        } catch (CertificateException e) {
+            fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR", e);
+            return;
+        }
+        Vector certs_vector = new Vector();
+        int size = 0;
+        int enc_size = 0;
+        while (l > 0) {
+            size = in.readUint24();
+            l -= 3;
+            try {
+                certs_vector.add(cf.generateCertificate(in));
+            } catch (CertificateException e) {
+                fatalAlert(AlertProtocol.DECODE_ERROR, "DECODE ERROR", e);
+            }
+            l -= size;
+            enc_size += size;
+        }
+        certs = new X509Certificate[certs_vector.size()];
+        for (int i = 0; i < certs.length; i++) {
+            certs[i] = (X509Certificate) certs_vector.elementAt(i);
+        }
+        this.length = 3 + 3 * certs.length + enc_size;
+        if (this.length != length) {
+            fatalAlert(AlertProtocol.DECODE_ERROR,
+                    "DECODE ERROR: incorrect CertificateMessage");
+        }
+
+    }
+
+    /**
+     * Creates outbound message
+     * 
+     * @param certs
+     */
+    public CertificateMessage(X509Certificate[] certs) {
+        if (certs == null) {
+            this.certs = new X509Certificate[0];
+            encoded_certs = new byte[0][0];
+            length = 3;
+            return;
+        }
+        this.certs = certs;
+        if (encoded_certs == null) {
+            encoded_certs = new byte[certs.length][];
+            for (int i = 0; i < certs.length; i++) {
+                try {
+                    encoded_certs[i] = certs[i].getEncoded();
+                } catch (CertificateEncodingException e) {
+                    fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR",
+                            e);
+                }
+            }
+        }
+        length = 3 + 3 * encoded_certs.length;
+        for (int i = 0; i < encoded_certs.length; i++) {
+            length += encoded_certs[i].length;
+        }
+    }
+
+    /**
+     * Sends message
+     * 
+     * @param out
+     */
+    public void send(HandshakeIODataStream out) {
+
+        int total_length = 0;
+        if (encoded_certs == null) {
+            encoded_certs = new byte[certs.length][];
+            for (int i = 0; i < certs.length; i++) {
+                try {
+                    encoded_certs[i] = certs[i].getEncoded();
+                } catch (CertificateEncodingException e) {
+                    fatalAlert(AlertProtocol.INTERNAL_ERROR, "INTERNAL ERROR",
+                            e);
+                }
+            }
+        }
+        total_length = 3 * encoded_certs.length;
+        for (int i = 0; i < encoded_certs.length; i++) {
+            total_length += encoded_certs[i].length;
+        }
+        out.writeUint24(total_length);
+        for (int i = 0; i < encoded_certs.length; i++) {
+            out.writeUint24(encoded_certs[i].length);
+            out.write(encoded_certs[i]);
+        }
+
+    }
+
+    /**
+     * Returns message type
+     * 
+     * @return
+     */
+    public int getType() {
+        return Handshake.CERTIFICATE;
+    }
+
+}
\ No newline at end of file
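Review bot: In the inbound constructor the per-certificate length `size` read from the peer is never enforced: `cf.generateCertificate(in)` parses straight from the handshake stream, while `l` and `enc_size` are adjusted by the declared value rather than by the bytes actually consumed. The closing `this.length != length` check therefore compares declared numbers only, and the stream position can drift away from what the message claims. I would check `size` against the remaining `l`, read exactly `size` bytes into a buffer and parse the certificate from that buffer, as sketched below. The sketch assumes `fatalAlert` always throws, which the existing code appears to rely on, and that `in` offers the standard `InputStream.read(byte[], int, int)`, inferred from it being passed to `generateCertificate`. The raw `Vector` could become a typed list in the same pass.

```java
        while (l > 0) {
            size = in.readUint24();
            l -= 3;
            if (size > l) { // entry claims more bytes than the list has left
                fatalAlert(AlertProtocol.DECODE_ERROR,
                        "DECODE ERROR: incorrect CertificateMessage");
            }
            byte[] encoded = new byte[size];
            for (int off = 0; off < size;) {
                int n = in.read(encoded, off, size - off);
                if (n < 0) { // stream ended inside the declared entry
                    fatalAlert(AlertProtocol.DECODE_ERROR,
                            "DECODE ERROR: incorrect CertificateMessage");
                }
                off += n;
            }
            try {
                // the factory sees only the bytes this entry declared
                certs_vector.add(cf.generateCertificate(
                        new java.io.ByteArrayInputStream(encoded)));
            } catch (CertificateException e) {
                fatalAlert(AlertProtocol.DECODE_ERROR, "DECODE ERROR", e);
            }
            // ... unchanged: l -= size; enc_size += size; ...
        }
```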

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateRequest.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateRequest.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateRequest.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateRequest.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,176 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Boris Kuznetsov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * 
+ * Represents certificate request message
+ * @see TLS 1.0 spec., 7.4.4. Certificate request
+ * (http://www.ietf.org/rfc/rfc2246.txt)
+ */
+public class CertificateRequest extends Message {
+
+    /**
+     * Client certificate types as defined in 
+     * TLS 1.0 spec., 7.4.4. Certificate request
+     */
+    public static final byte RSA_SIGN = 1;
+    public static final byte DSS_SIGN = 2;
+    public static final byte RSA_FIXED_DH = 3;
+    public static final byte DSS_FIXED_DH = 4;
+
+    /**
+     * Requested certificate types
+     */
+    final byte[] certificate_types;
+
+    /**
+     * Certificate authorities
+     */
+    final X500Principal[] certificate_authorities;
+
+    //Requested certificate types as Strings
+    // ("RSA", "DSA", "DH_RSA" or "DH_DSA")
+    private String[] types;
+
+    // Encoded form of certificate authorities
+    private byte[][] encoded_principals;
+
+    /**
+     * Creates outbound message
+     * 
+     * @param certificate_types
+     * @param accepted - array of certificate authority certificates
+     */
+    public CertificateRequest(byte[] certificate_types,
+            X509Certificate[] accepted) {
+
+        if (accepted == null) {
+            fatalAlert(AlertProtocol.INTERNAL_ERROR,
+                    "CertificateRequest: array of certificate authority certificates is null");
+        }
+        this.certificate_types = certificate_types;
+        
+        int totalPrincipalsLength = 0;
+        certificate_authorities = new X500Principal[accepted.length];
+        encoded_principals = new byte[accepted.length][];
+        for (int i = 0; i < accepted.length; i++) {
+            certificate_authorities[i] = accepted[i].getIssuerX500Principal();
+            encoded_principals[i] = certificate_authorities[i].getEncoded();
+            totalPrincipalsLength += encoded_principals[i].length + 2;
+        }
+
+        length = 3 + certificate_types.length + totalPrincipalsLength;
+    }
+
+    /**
+     * Creates inbound message
+     * 
+     * @param in
+     * @param length
+     * @throws IOException
+     */
+    public CertificateRequest(HandshakeIODataStream in, int length)
+            throws IOException {
+        int size = in.readUint8();
+        certificate_types = new byte[size];
+        in.read(certificate_types, 0, size);
+        size = in.readUint16();
+        certificate_authorities = new X500Principal[size];
+        int totalPrincipalsLength = 0;
+        int principalLength = 0;
+        for (int i = 0; i < size; i++) {
+            principalLength = in.readUint16(); // encoded X500Principal size
+            certificate_authorities[i] = new X500Principal(in);
+            totalPrincipalsLength += 2;
+            totalPrincipalsLength += principalLength;
+        }
+        this.length = 3 + certificate_types.length + totalPrincipalsLength;
+        if (this.length != length) {
+            fatalAlert(AlertProtocol.DECODE_ERROR,
+                    "DECODE ERROR: incorrect CertificateRequest");
+        }
+
+    }
+
+    /**
+     * Sends message
+     * 
+     * @param out
+     */
+    public void send(HandshakeIODataStream out) {
+
+        out.writeUint8(certificate_types.length);
+        for (int i = 0; i < certificate_types.length; i++) {
+            out.write(certificate_types[i]);
+        }
+        out.writeUint16(certificate_authorities.length);
+        for (int i = 0; i < certificate_authorities.length; i++) {
+            out.writeUint16(encoded_principals[i].length);
+            out.write(encoded_principals[i]);
+        }
+    }
+
+    /**
+     * Returns message type
+     * 
+     * @return
+     */
+    public int getType() {
+        return Handshake.CERTIFICATE_REQUEST;
+    }
+
+    /**
+     * Returns requested certificate types as array of strings
+     */
+    public String[] getTypesAsString() {
+        if (types == null) {
+            types = new String[certificate_types.length];
+            for (int i = 0; i < types.length; i++) {
+                switch (certificate_types[i]) {
+                case 1:
+                    types[i] = "RSA";
+                    break;
+                case 2:
+                    types[i] = "DSA";
+                    break;
+                case 3:
+                    types[i] = "DH_RSA";
+                    break;
+                case 4:
+                    types[i] = "DH_DSA";
+                    break;
+                default:
+                    fatalAlert(AlertProtocol.DECODE_ERROR,
+                            "DECODE ERROR: incorrect CertificateRequest");
+                }
+            }
+        }
+        return types;
+    }
+
+}
\ No newline at end of file
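Review bot: The inbound constructor treats the 16-bit value read after the certificate types as the number of certificate authorities, but RFC 2246 section 7.4.4 defines `certificate_authorities<3..2^16-1>` as a vector whose prefix is its length in bytes. As a result `new X500Principal[size]` and `for (int i = 0; i < size; i++)` over-allocate and try to read far more names than a conforming peer sent. `send()` has the mirror problem: `out.writeUint16(certificate_authorities.length)` writes a count where the byte total (`length - 3 - certificate_types.length`) belongs. The parser also never compares what `new X500Principal(in)` consumed with `principalLength`, and the comparison with the declared `length` runs only after every read, so a malformed message is detected late. A loop bounded by the byte length is sketched below.

```java
        size = in.readUint16(); // byte length of the certificate_authorities vector
        java.util.ArrayList principals = new java.util.ArrayList();
        int totalPrincipalsLength = 0;
        while (totalPrincipalsLength < size) {
            int principalLength = in.readUint16(); // encoded X500Principal size
            if (principalLength > size - totalPrincipalsLength - 2) {
                fatalAlert(AlertProtocol.DECODE_ERROR,
                        "DECODE ERROR: incorrect CertificateRequest");
            }
            principals.add(new X500Principal(in));
            totalPrincipalsLength += 2 + principalLength;
        }
        certificate_authorities = (X500Principal[]) principals
                .toArray(new X500Principal[principals.size()]);
        // … unchanged: this.length computation and comparison with the declared length …
```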

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateVerify.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateVerify.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateVerify.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CertificateVerify.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,88 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Boris Kuznetsov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+import java.io.IOException;
+
+/**
+ * 
+ * Represents certificate verify message
+ * @see TLS 1.0 spec., 7.4.8. Certificate verify
+ * (http://www.ietf.org/rfc/rfc2246.txt)
+ */
+public class CertificateVerify extends Message {
+
+    /**
+     * Signature
+     */
+    byte[] signedHash;
+
+    /**
+     * Creates outbound message
+     * 
+     * @param hash
+     */
+    public CertificateVerify(byte[] hash) {
+        this.signedHash = hash;
+        length = hash.length;
+    }
+
+    /**
+     * Creates inbound message
+     * 
+     * @param in
+     * @param length
+     * @throws IOException
+     */
+    public CertificateVerify(HandshakeIODataStream in, int length)
+            throws IOException {
+        if (length == 0) {
+            signedHash = new byte[0];
+        } else if (length == 20 || length == 36) {
+            signedHash = in.read(length);
+        } else {
+            fatalAlert(AlertProtocol.DECODE_ERROR,
+                    "DECODE ERROR: incorrect CertificateVerify");
+        }
+        this.length = length;
+    }
+
+    /**
+     * Sends message
+     * 
+     * @param out
+     */
+    public void send(HandshakeIODataStream out) {
+        if (signedHash.length != 0) {
+            out.write(signedHash);
+        }
+    }
+
+    /**
+     * Returns message type
+     * 
+     * @return
+     */
+    public int getType() {
+        return Handshake.CERTIFICATE_VERIFY;
+    }
+}
\ No newline at end of file
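Review bot: The inbound constructor accepts only body lengths 0, 20 and 36, which are the sizes of an empty value and of raw SHA-1 and MD5+SHA-1 digests, not of a signature. RFC 2246 section 7.4.8 defines the body as a `Signature`, whose signed value is an opaque vector with a 2-byte length prefix, so a real RSA or DSS signature from a conforming client would be rejected here, while a zero-length body is accepted as a valid message with an empty `signedHash`. I would reject short bodies and read the prefix explicitly, e.g. `if (length < 2 || in.readUint16() != length - 2) { fatalAlert(AlertProtocol.DECODE_ERROR, "DECODE ERROR: incorrect CertificateVerify"); }` followed by `signedHash = in.read(length - 2);`. The outbound side needs the matching change (`length = hash.length + 2` and a `writeUint16` of the signature size before the bytes in `send()`). Whether the code that later verifies `signedHash` rejects an empty array is not visible in this hunk and should be confirmed.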

Added: incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CipherSuite.java
URL: http://svn.apache.org/viewvc/incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CipherSuite.java?rev=423275&view=auto
==============================================================================
--- incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CipherSuite.java (added)
+++ incubator/harmony/enhanced/classlib/trunk/modules/x-net/src/main/java/org/apache/harmony/security/provider/jsse/CipherSuite.java Tue Jul 18 15:50:12 2006
@@ -0,0 +1,611 @@
+/*
+ *  Copyright 2006 The Apache Software Foundation or its licensors, as applicable.
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+ * @author Boris Kuznetsov
+ * @version $Revision$
+ */
+
+package org.apache.harmony.security.provider.jsse;
+
+import java.security.GeneralSecurityException;
+import java.util.Hashtable;
+
+import javax.crypto.Cipher;
+
+/**
+ * Represents Cipher Suite as defined in TLS 1.0 spec., 
+ * A.5. The CipherSuite;
+ * C. CipherSuite definitions.
+ * @see TLS 1.0 spec., http://www.ietf.org/rfc/rfc2246.txt
+ * 
+ */
+public class CipherSuite {
+
+    /**
+     * true if this cipher suite is supported
+     */ 
+    boolean supported = true;
+
+    /**
+     * cipher suite key exchange
+     */
+    final int keyExchange;
+
+    /**
+     * cipher
+     */
+    final String cipherName;
+    
+    /**
+     * Cipher information
+     */
+    final int keyMaterial;
+    final int expandedKeyMaterial;
+    final int effectiveKeyBytes;
+    final int IVSize;
+    final private int blockSize;
+    
+    // cipher suite code
+    private final byte[] cipherSuiteCode;
+
+    // cipher suite name
+    private final String name;
+    
+    // true if cipher suite is exportable
+    private final boolean isExportable;
+
+    // Hash algorithm
+    final private String hashName;
+    
+    // MAC algorithm
+    final private String hmacName;
+    
+    // Hash size
+    final private int hashSize;
+
+    /**
+     * key exchange values
+     */
+    static int KeyExchange_RSA = 1;
+    static int KeyExchange_RSA_EXPORT = 2;
+    static int KeyExchange_DHE_DSS = 3;
+    static int KeyExchange_DHE_DSS_EXPORT = 4;
+    static int KeyExchange_DHE_RSA = 5;
+    static int KeyExchange_DHE_RSA_EXPORT = 6;
+    static int KeyExchange_DH_DSS = 7;
+    static int KeyExchange_DH_RSA = 8;
+    static int KeyExchange_DH_anon = 9;
+    static int KeyExchange_DH_anon_EXPORT = 10;
+    static int KeyExchange_DH_DSS_EXPORT = 11;
+    static int KeyExchange_DH_RSA_EXPORT = 12;
+
+    /**
+     * TLS cipher suite codes
+     */
+    static byte[] code_TLS_NULL_WITH_NULL_NULL = { 0x00, 0x00 };
+    static byte[] code_TLS_RSA_WITH_NULL_MD5 = { 0x00, 0x01 };
+    static byte[] code_TLS_RSA_WITH_NULL_SHA = { 0x00, 0x02 };
+    static byte[] code_TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x03 };
+    static byte[] code_TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 };
+    static byte[] code_TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 };
+    static byte[] code_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00, 0x06 };
+    static byte[] code_TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00, 0x07 };
+    static byte[] code_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x08 };
+    static byte[] code_TLS_RSA_WITH_DES_CBC_SHA = { 0x00, 0x09 };
+    static byte[] code_TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A };
+    static byte[] code_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0B };
+    static byte[] code_TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00, 0x0C };
+    static byte[] code_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0D };
+    static byte[] code_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x0E };
+    static byte[] code_TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00, 0x0F };
+    static byte[] code_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x10 };
+    static byte[] code_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x11 };
+    static byte[] code_TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00, 0x12 };
+    static byte[] code_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 };
+    static byte[] code_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x14 };
+    static byte[] code_TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00, 0x15 };
+    static byte[] code_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 };
+    static byte[] code_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00, 0x17 };
+    static byte[] code_TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x18 };
+    static byte[] code_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00, 0x19 };
+    static byte[] code_TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00, 0x1A };
+    static byte[] code_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x1B };
+
+    static CipherSuite TLS_NULL_WITH_NULL_NULL = new CipherSuite(
+            "TLS_NULL_WITH_NULL_NULL", true, 0, null, null,
+            code_TLS_NULL_WITH_NULL_NULL);
+
+    static CipherSuite TLS_RSA_WITH_NULL_MD5 = new CipherSuite(
+            "TLS_RSA_WITH_NULL_MD5", true, KeyExchange_RSA, null, "MD5",
+            code_TLS_RSA_WITH_NULL_MD5);
+
+    static CipherSuite TLS_RSA_WITH_NULL_SHA = new CipherSuite(
+            "TLS_RSA_WITH_NULL_SHA", true, KeyExchange_RSA, null, "SHA",
+            code_TLS_RSA_WITH_NULL_SHA);
+
+    static CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
+            "TLS_RSA_EXPORT_WITH_RC4_40_MD5", true, KeyExchange_RSA_EXPORT,
+            "RC4_40", "MD5", code_TLS_RSA_EXPORT_WITH_RC4_40_MD5);
+
+    static CipherSuite TLS_RSA_WITH_RC4_128_MD5 = new CipherSuite(
+            "TLS_RSA_WITH_RC4_128_MD5", false, KeyExchange_RSA, "RC4_128",
+            "MD5", code_TLS_RSA_WITH_RC4_128_MD5);
+
+    static CipherSuite TLS_RSA_WITH_RC4_128_SHA = new CipherSuite(
+            "TLS_RSA_WITH_RC4_128_SHA", false, KeyExchange_RSA, "RC4_128",
+            "SHA", code_TLS_RSA_WITH_RC4_128_SHA);
+
+    static CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = new CipherSuite(
+            "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5", true, KeyExchange_RSA_EXPORT,
+            "RC2_CBC_40", "MD5", code_TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5);
+
+    static CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = new CipherSuite(
+            "TLS_RSA_WITH_IDEA_CBC_SHA", false, KeyExchange_RSA, "IDEA_CBC",
+            "SHA", code_TLS_RSA_WITH_IDEA_CBC_SHA);
+
+    static CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA", true, KeyExchange_RSA_EXPORT,
+            "DES40_CBC", "SHA", code_TLS_RSA_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_RSA_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_RSA_WITH_DES_CBC_SHA", false, KeyExchange_RSA, "DES_CBC",
+            "SHA", code_TLS_RSA_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_RSA_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_RSA,
+            "3DES_EDE_CBC", "SHA", code_TLS_RSA_WITH_3DES_EDE_CBC_SHA);
+
+    static CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
+            KeyExchange_DH_DSS_EXPORT, "DES40_CBC", "SHA",
+            code_TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_DH_DSS_WITH_DES_CBC_SHA", false, KeyExchange_DH_DSS,
+            "DES_CBC", "SHA", code_TLS_DH_DSS_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_DH_DSS,
+            "3DES_EDE_CBC", "SHA", code_TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA);
+
+    static CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
+            KeyExchange_DH_RSA_EXPORT, "DES40_CBC", "SHA",
+            code_TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_DH_RSA_WITH_DES_CBC_SHA", false, KeyExchange_DH_RSA,
+            "DES_CBC", "SHA", code_TLS_DH_RSA_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_DH_RSA,
+            "3DES_EDE_CBC", "SHA", code_TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);
+
+    static CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", true,
+            KeyExchange_DHE_DSS_EXPORT, "DES40_CBC", "SHA",
+            code_TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_DHE_DSS_WITH_DES_CBC_SHA", false, KeyExchange_DHE_DSS,
+            "DES_CBC", "SHA", code_TLS_DHE_DSS_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_DHE_DSS,
+            "3DES_EDE_CBC", "SHA", code_TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA);
+
+    static CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", true,
+            KeyExchange_DHE_RSA_EXPORT, "DES40_CBC", "SHA",
+            code_TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_DHE_RSA_WITH_DES_CBC_SHA", false, KeyExchange_DHE_RSA,
+            "DES_CBC", "SHA", code_TLS_DHE_RSA_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_DHE_RSA,
+            "3DES_EDE_CBC", "SHA", code_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA);
+
+    static CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = new CipherSuite(
+            "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5", true,
+            KeyExchange_DH_anon_EXPORT, "RC4_40", "MD5",
+            code_TLS_DH_anon_EXPORT_WITH_RC4_40_MD5);
+
+    static CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = new CipherSuite(
+            "TLS_DH_anon_WITH_RC4_128_MD5", false, KeyExchange_DH_anon,
+            "RC4_128", "MD5", code_TLS_DH_anon_WITH_RC4_128_MD5);
+
+    static CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = new CipherSuite(
+            "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA", true,
+            KeyExchange_DH_anon_EXPORT, "DES40_CBC", "SHA",
+            code_TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA);
+
+    static CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = new CipherSuite(
+            "TLS_DH_anon_WITH_DES_CBC_SHA", false, KeyExchange_DH_anon,
+            "DES_CBC", "SHA", code_TLS_DH_anon_WITH_DES_CBC_SHA);
+
+    static CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = new CipherSuite(
+            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA", false, KeyExchange_DH_anon,
+            "3DES_EDE_CBC", "SHA", code_TLS_DH_anon_WITH_3DES_EDE_CBC_SHA);
+
+    // array for quick access to cipher suite by code
+    private static CipherSuite[] cuitesByCode = { 
+            TLS_NULL_WITH_NULL_NULL,
+            TLS_RSA_WITH_NULL_MD5,
+            TLS_RSA_WITH_NULL_SHA,
+            TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+            TLS_RSA_WITH_RC4_128_MD5,
+            TLS_RSA_WITH_RC4_128_SHA,
+            TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+            TLS_RSA_WITH_IDEA_CBC_SHA,
+            TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_RSA_WITH_DES_CBC_SHA,
+            TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+            TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_DH_DSS_WITH_DES_CBC_SHA,
+            TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
+            TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_DH_RSA_WITH_DES_CBC_SHA,
+            TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
+            TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_DHE_DSS_WITH_DES_CBC_SHA,
+            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+            TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_DHE_RSA_WITH_DES_CBC_SHA,
+            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+            TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
+            TLS_DH_anon_WITH_RC4_128_MD5,
+            TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA,
+            TLS_DH_anon_WITH_DES_CBC_SHA,
+            TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
+            };
+
+    // hash for quick access to cipher suite by name 
+    private static Hashtable cuitesByName;
+
+    /**
+     * array of supported sipher suites.
+     * Set of supported suites is defined at the moment provider's start 
+     */
+//  TODO Dinamical supported suites: new providers may be dynamically 
+//  added/removed and the set of supportes suites may be changed
+    static CipherSuite[] supportedCipherSuites;
+
+    /**
+     * array of supported sipher suites names
+     */
+    static String[] supportedCipherSuiteNames;
+
+    /**
+     * default sipher suites
+     */
+    static CipherSuite[] defaultCipherSuites;
+    
+    static {
+        int count = 0;
+        cuitesByName = new Hashtable();
+        for (int i = 0; i < cuitesByCode.length; i++) {
+            cuitesByName.put(cuitesByCode[i].getName(), cuitesByCode[i]);
+            if (cuitesByCode[i].supported) {
+                count++;
+            }
+        }
+        supportedCipherSuites = new CipherSuite[count];
+        supportedCipherSuiteNames = new String[count];
+        count = 0;
+        for (int i = 0; i < cuitesByCode.length; i++) {
+            if (cuitesByCode[i].supported) {
+                supportedCipherSuites[count] = cuitesByCode[i];
+                supportedCipherSuiteNames[count] = supportedCipherSuites[count].getName();
+                count++;
+            }
+        }
+
+        CipherSuite[] defaultPretendent = { 
+                TLS_RSA_WITH_RC4_128_MD5,
+                TLS_RSA_WITH_RC4_128_SHA,
+                // TLS_RSA_WITH_AES_128_CBC_SHA,
+                // TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+                // LS_DHE_DSS_WITH_AES_128_CBC_SHA,
+                TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+                TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+                TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_DES_CBC_SHA,
+                TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_DES_CBC_SHA,
+                TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+                TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
+                TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+                TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 
+                };
+        count = 0;
+        for (int i = 0; i < defaultPretendent.length; i++) {
+            if (defaultPretendent[i].supported) {
+                count++;
+            }
+        }
+        defaultCipherSuites = new CipherSuite[count];
+        count = 0;
+        for (int i = 0; i < defaultPretendent.length; i++) {
+            if (defaultPretendent[i].supported) {
+                defaultCipherSuites[count++] = defaultPretendent[i];
+            }
+        }
+    }
+
+    /**
+     * Returns CipherSuite by name
+     * @param name
+     * @return
+     */
+    public static CipherSuite getByName(String name) {
+        return (CipherSuite) cuitesByName.get(name);
+    }
+
+    /**
+     * Returns CipherSuite based on TLS CipherSuite code
+     * @see TLS 1.0 spec., A.5. The CipherSuite;
+     * @param b1
+     * @param b2
+     * @return
+     */
+    public static CipherSuite getByCode(byte b1, byte b2) {
+        if (b1 != 0 || b2 > cuitesByCode.length) {
+            // Unknoun
+            return new CipherSuite("UNKNOUN_" + b1 + "_" + b2, false, 0, "",
+                    "", new byte[] { b1, b2 });
+        }
+        return cuitesByCode[b2];
+    }
+
+    /**
+     * Returns CipherSuite based on V2CipherSpec code
+     * as described in TLS 1.0 spec., E. Backward Compatibility With SSL
+     * 
+     * @param b1
+     * @param b2
+     * @param b3
+     * @return CipherSuite
+     */
+    public static CipherSuite getByCode(byte b1, byte b2, byte b3) {
+        if (b1 == 0 && b2 == 0) {
+            if (b3 <= cuitesByCode.length) {
+                return cuitesByCode[b3];
+            }
+        }
+        // as TLSv1 equivalent of V2CipherSpec should be included in
+        // V2ClientHello, ignore V2CipherSpec
+        return new CipherSuite("UNKNOUN_" + b1 + "_" + b2 + "_" + b3, false, 0,
+                "", "", new byte[] { b1, b2, b3 });
+    }
+
+    /**
+     * Creates CipherSuite
+     * @param name
+     * @param isExportable
+     * @param keyExchange
+     * @param cipherName
+     * @param hash
+     * @param code
+     */
+    public CipherSuite(String name, boolean isExportable, int keyExchange,
+            String cipherName, String hash, byte[] code) {
+        this.name = name;
+        this.keyExchange = keyExchange;
+        this.isExportable = isExportable;
+        if (cipherName == null) {
+            this.cipherName = null;
+            keyMaterial = 0;
+            expandedKeyMaterial = 0;
+            effectiveKeyBytes = 0;
+            IVSize = 0;
+            blockSize = 0;
+        } else if ("IDEA_CBC".equals(cipherName)) {
+            this.cipherName = "IDEA/CBC/NoPadding";
+            keyMaterial = 16;
+            expandedKeyMaterial = 16;
+            effectiveKeyBytes = 16;
+            IVSize = 8;
+            blockSize = 8;
+        } else if ("RC2_CBC_40".equals(cipherName)) {
+            this.cipherName = "RC2/CBC/NoPadding";
+            keyMaterial = 5;
+            expandedKeyMaterial = 16;
+            effectiveKeyBytes = 5;
+            IVSize = 8;
+            blockSize = 8;
+        } else if ("RC4_40".equals(cipherName)) {
+            this.cipherName = "RC4";
+            keyMaterial = 5;
+            expandedKeyMaterial = 16;
+            effectiveKeyBytes = 5;
+            IVSize = 0;
+            blockSize = 0;
+        } else if ("RC4_128".equals(cipherName)) {
+            this.cipherName = "RC4";
+            keyMaterial = 16;
+            expandedKeyMaterial = 16;
+            effectiveKeyBytes = 16;
+            IVSize = 0;
+            blockSize = 0;
+        } else if ("DES40_CBC".equals(cipherName)) {
+            this.cipherName = "DES/CBC/NoPadding";
+            keyMaterial = 5;
+            expandedKeyMaterial = 8;
+            effectiveKeyBytes = 5;
+            IVSize = 8;
+            blockSize = 8;
+        } else if ("DES_CBC".equals(cipherName)) {
+            this.cipherName = "DES/CBC/NoPadding";
+            keyMaterial = 8;
+            expandedKeyMaterial = 8;
+            effectiveKeyBytes = 7;
+            IVSize = 8;
+            blockSize = 8;
+        } else if ("3DES_EDE_CBC".equals(cipherName)) {
+            this.cipherName = "DESede/CBC/NoPadding";
+            keyMaterial = 24;
+            expandedKeyMaterial = 24;
+            effectiveKeyBytes = 24;
+            IVSize = 8;
+            blockSize = 8;
+        } else {
+            this.cipherName = cipherName;
+            keyMaterial = 0;
+            expandedKeyMaterial = 0;
+            effectiveKeyBytes = 0;
+            IVSize = 0;
+            blockSize = 0;
+        }
+
+        if ("MD5".equals(hash)) {
+            this.hmacName = "HmacMD5";
+            this.hashName = "MD5";
+            hashSize = 16;
+        } else if ("SHA".equals(hash)) {
+            this.hmacName = "HmacSHA1";
+            this.hashName = "SHA-1";
+            hashSize = 20;
+        } else {
+            this.hmacName = null;
+            this.hashName = null;
+            hashSize = 0;
+        }
+
+        cipherSuiteCode = code;
+
+        if (this.cipherName != null) {
+            try {
+                Cipher.getInstance(this.cipherName);
+            } catch (GeneralSecurityException e) {
+                supported = false;
+            }
+        }
+
+    }
+
+    /**
+     * Returns true if cipher suite is anonymous
+     * @return
+     */
+    public boolean isAnonymous() {
+        if (keyExchange == KeyExchange_DH_anon
+                || keyExchange == KeyExchange_DH_anon_EXPORT) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Returns array of supported CipherSuites
+     * @return
+     */
+    public static CipherSuite[] getSupported() {
+        return supportedCipherSuites;
+    }
+
+    /**
+     * Returns array of supported cipher suites names
+     * @return
+     */
+    public static String[] getSupportedCipherSuiteNames() {
+        return (String[]) supportedCipherSuiteNames.clone();
+    }
+
+    /**
+     * Returns cipher suite name
+     * @return
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Returns cipher suite code as byte array
+     * @return
+     */
+    public byte[] toBytes() {
+        return cipherSuiteCode;
+    }
+
+    /**
+     * Returns cipher suite description
+     */
+    public String toString() {
+        return name + ": " + cipherSuiteCode[0] + " " + cipherSuiteCode[1];
+    }
+
+    /**
+     * Compares this cipher suite to the specified object.
+     */
+    public boolean equals(Object obj) {
+        if (obj instanceof CipherSuite
+                && this.cipherSuiteCode[0] == ((CipherSuite) obj).cipherSuiteCode[0]
+                && this.cipherSuiteCode[1] == ((CipherSuite) obj).cipherSuiteCode[1]) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Returns cipher algorithm name
+     * @return
+     */
+    public String getBulkEncryptionAlgorithm() {
+        return cipherName;
+    }
+
+    /**
+     * Returns cipher block size
+     * @return
+     */
+    public int getBlockSize() {
+        return blockSize;
+    }
+
+    /**
+     * Returns MAC algorithm name
+     * @return
+     */
+    public String getHmacName() {
+        return hmacName;
+    }
+
+    /**
+     * Returns hash algorithm name
+     * @return
+     */
+    public String getHashName() {
+        return hashName;
+    }
+
+    /**
+     * Returns hash size
+     * @return
+     */
+    public int getMACLength() {
+        return hashSize;
+    }
+
+    /**
+     * Indicates whether this cipher suite is exportable
+     * @return
+     */
+    public boolean isExportable() {
+        return isExportable;
+    }
+
+}
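Review bot: Both `getByCode` overloads index `cuitesByCode` with a caller-supplied byte without a sound bounds check. `b2 > cuitesByCode.length` lets `b2 == cuitesByCode.length` through, and because Java bytes are signed, any code byte of 0x80 or above is negative and also passes, so `cuitesByCode[b2]` throws `ArrayIndexOutOfBoundsException` instead of returning the `UNKNOUN_` placeholder. The three-argument overload has the same gap with `b3 <= cuitesByCode.length`. I would write `if (b1 != 0 || b2 < 0 || b2 >= cuitesByCode.length) {` and `if (b3 >= 0 && b3 < cuitesByCode.length) {`. The callers are outside this hunk, but these bytes presumably come from a peer's hello message, so out-of-range codes should only ever reach the unknown-suite path rather than raise an unchecked exception.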


