| 1 | /* |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | * contributor license agreements. See the NOTICE file distributed with |
| 4 | * this work for additional information regarding copyright ownership. |
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | * (the "License"); you may not use this file except in compliance with |
| 7 | * the License. You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | */ |
| 17 | |
| 18 | package org.apache.harmony.xnet.provider.jsse; |
| 19 | |
| 20 | import java.security.Provider; |
| 21 | |
| 22 | /** |
| 23 | * JSSE Provider implementation. |
| 24 | * |
| 25 | * This implementation is based on TLS v 1.0 and SSL v3 protocol specifications. |
| 26 | * |
| 27 | * <ul> |
| 28 | * <li><a href="http://www.ietf.org/rfc/rfc2246.txt">TLS v 1.0 Protocol |
| 29 | * specification</a></li> |
| 30 | * <li><a href="http://wp.netscape.com/eng/ssl3">SSL v3 Protocol |
| 31 | * specification</a></li> |
| 32 | * </ul> |
| 33 | * |
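| 34 | * Provider implementation supports the following cipher suites. The list includes NULL-encryption suites (no confidentiality), 40-bit EXPORT suites and anonymous DH_anon suites (no peer authentication): |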
| 35 | * TLS_NULL_WITH_NULL_NULL |
| 36 | * TLS_RSA_WITH_NULL_MD5 |
| 37 | * TLS_RSA_WITH_NULL_SHA |
| 38 | * TLS_RSA_EXPORT_WITH_RC4_40_MD5 |
| 39 | * TLS_RSA_WITH_RC4_128_MD5 |
| 40 | * TLS_RSA_WITH_RC4_128_SHA |
| 41 | * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 |
| 42 | * TLS_RSA_WITH_IDEA_CBC_SHA |
| 43 | * TLS_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 44 | * TLS_RSA_WITH_DES_CBC_SHA |
| 45 | * TLS_RSA_WITH_3DES_EDE_CBC_SHA |
| 46 | * TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA |
| 47 | * TLS_DH_DSS_WITH_DES_CBC_SHA |
| 48 | * TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA |
| 49 | * TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 50 | * TLS_DH_RSA_WITH_DES_CBC_SHA |
| 51 | * TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA |
| 52 | * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA |
| 53 | * TLS_DHE_DSS_WITH_DES_CBC_SHA |
| 54 | * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA |
| 55 | * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA |
| 56 | * TLS_DHE_RSA_WITH_DES_CBC_SHA |
| 57 | * TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA |
| 58 | * TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 |
| 59 | * TLS_DH_anon_WITH_RC4_128_MD5 |
| 60 | * TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA |
| 61 | * TLS_DH_anon_WITH_DES_CBC_SHA |
| 62 | * TLS_DH_anon_WITH_3DES_EDE_CBC_SHA |
| 63 | * |
| 64 | * The actual set of available cipher suites depends on the set of available |
| 65 | * crypto algorithms. These algorithms must be supplied by an installed crypto |
| 66 | * provider. |
| 67 | * |
| 68 | * The following cipher algorithms are used by different cipher suites: |
| 69 | * IDEA/CBC/NoPadding |
| 70 | * RC2/CBC/NoPadding |
| 71 | * RC4 |
| 72 | * DES/CBC/NoPadding |
| 73 | * DES/CBC/NoPadding |
| 74 | * DESede/CBC/NoPadding |
| 75 | * |
| 76 | * Also the current JSSE provider implementation uses the following |
| 77 | * crypto algorithms: |
| 78 | * |
| 79 | * Algorithms that MUST be provided by crypto provider: |
| 80 | * Mac HmacMD5 |
| 81 | * Mac HmacSHA1 |
| 82 | * MessageDigest MD5 |
| 83 | * MessageDigest SHA-1 |
| 84 | * CertificateFactory X509 |
| 85 | * |
| 86 | * The cipher suites with RSA key exchange may also require: |
| 87 | * Cipher RSA |
| 88 | * KeyPairGenerator RSA |
| 89 | * KeyFactory RSA |
| 90 | * |
| 91 | * The cipher suites with DH key exchange may also require: |
| 92 | * Signature NONEwithDSA |
| 93 | * KeyPairGenerator DiffieHellman or DH |
| 94 | * KeyFactory DiffieHellman or DH |
| 95 | * KeyAgreement DiffieHellman or DH |
| 96 | * KeyPairGenerator DiffieHellman or DH |
| 97 | * |
| 98 | * Trust manager implementation requires: |
| 99 | * CertPathValidator PKIX |
| 100 | * CertificateFactory X509 |
| 101 | * |
| 102 | */ |
public final class JSSEProvider extends Provider {

    // Fixed serialization id; Provider is Serializable.
    private static final long serialVersionUID = 3075686092260669675L;

    /**
     * Creates the "HarmonyJSSE" provider (version 1.0) and registers its
     * service entries.
     *
     * <p>Registered entries:
     * <ul>
     * <li>{@code SSLContext} under the names SSL, SSLv3, TLS and TLSv1, all
     *     mapped to the same {@code SSLContextImpl} class;</li>
     * <li>{@code KeyManagerFactory.PKIX} and {@code TrustManagerFactory.PKIX},
     *     each with an {@code X509} alias pointing at {@code PKIX};</li>
     * <li>{@code KeyStore.AndroidCAStore}, mapped to
     *     {@code TrustedCertificateKeyStoreSpi}.</li>
     * </ul>
     *
     * <p>NOTE(review): SSLv3 and TLS 1.0 are the only protocol names offered
     * here and both have since been deprecated (RFC 7568, RFC 8996). Which
     * protocol versions and cipher suites a context obtained under these
     * names actually enables is decided by {@code SSLContextImpl}, which is
     * not visible in this file; confirm there before relying on it.
     */
    public JSSEProvider() {
        super("HarmonyJSSE", 1.0, "Harmony JSSE Provider");

        // Every SSLContext name resolves to the same implementation class,
        // so the requested name alone does not select a different engine.
        final String sslContextImpl = SSLContextImpl.class.getName();
        for (String protocol : new String[] {"SSL", "SSLv3", "TLS", "TLSv1"}) {
            put("SSLContext." + protocol, sslContextImpl);
        }

        // Key and trust manager factories: PKIX is the registered name and
        // X509 is accepted as an alias for it.
        final String pkix = "PKIX";
        put("KeyManagerFactory." + pkix, KeyManagerFactoryImpl.class.getName());
        put("Alg.Alias.KeyManagerFactory.X509", pkix);

        put("TrustManagerFactory." + pkix, TrustManagerFactoryImpl.class.getName());
        put("Alg.Alias.TrustManagerFactory.X509", pkix);

        // KeyStore type "AndroidCAStore", backed by TrustedCertificateKeyStoreSpi.
        put("KeyStore.AndroidCAStore", TrustedCertificateKeyStoreSpi.class.getName());
    }
}