      1 /*
      2  *  Licensed to the Apache Software Foundation (ASF) under one or more
      3  *  contributor license agreements.  See the NOTICE file distributed with
      4  *  this work for additional information regarding copyright ownership.
      5  *  The ASF licenses this file to You under the Apache License, Version 2.0
      6  *  (the "License"); you may not use this file except in compliance with
      7  *  the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  */
     17 
     18 package org.conscrypt;
     19 
     20 import java.security.Provider;
     21 
     22 /**
     23  * JSSE Provider implementation.
     24  *
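 * This implementation is based on the TLS v1.0 and SSL v3 protocol specifications.
 * Both protocol versions have since been deprecated by the IETF (RFC 7568 for
 * SSL v3, RFC 8996 for TLS 1.0).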
     26  *
     27  * <ul>
     28  * <li><a href="http://www.ietf.org/rfc/rfc2246.txt">TLS v 1.0 Protocol
     29  * specification</a></li>
     30  * <li><a href="http://wp.netscape.com/eng/ssl3">SSL v3 Protocol
     31  * specification</a></li>
     32  * </ul>
     33  *
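 * The provider implementation supports the following cipher suites. The list
 * includes NULL (no encryption), EXPORT-grade, anonymous-DH (no peer
 * authentication), RC4 and single-DES suites, which are weak by current
 * standards and should not be enabled where confidentiality or peer
 * authentication is required: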
     35  *     TLS_NULL_WITH_NULL_NULL
     36  *     TLS_RSA_WITH_NULL_MD5
     37  *     TLS_RSA_WITH_NULL_SHA
     38  *     TLS_RSA_EXPORT_WITH_RC4_40_MD5
     39  *     TLS_RSA_WITH_RC4_128_MD5
     40  *     TLS_RSA_WITH_RC4_128_SHA
     41  *     TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
     42  *     TLS_RSA_WITH_IDEA_CBC_SHA
     43  *     TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
     44  *     TLS_RSA_WITH_DES_CBC_SHA
     45  *     TLS_RSA_WITH_3DES_EDE_CBC_SHA
     46  *     TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA
     47  *     TLS_DH_DSS_WITH_DES_CBC_SHA
     48  *     TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA
     49  *     TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA
     50  *     TLS_DH_RSA_WITH_DES_CBC_SHA
     51  *     TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA
     52  *     TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
     53  *     TLS_DHE_DSS_WITH_DES_CBC_SHA
     54  *     TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
     55  *     TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
     56  *     TLS_DHE_RSA_WITH_DES_CBC_SHA
     57  *     TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
     58  *     TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
     59  *     TLS_DH_anon_WITH_RC4_128_MD5
     60  *     TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
     61  *     TLS_DH_anon_WITH_DES_CBC_SHA
     62  *     TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
     63  *
 * The actual set of available cipher suites depends on the set of available
 * crypto algorithms. These algorithms must be supplied by a crypto
 * provider.
     67  *
     68  * The following cipher algorithms are used by different cipher suites:
     69  *     IDEA/CBC/NoPadding
     70  *     RC2/CBC/NoPadding
     71  *     RC4
     72  *     DES/CBC/NoPadding
     73  *     DES/CBC/NoPadding
     74  *     DESede/CBC/NoPadding
     75  *
     76  * Also the current JSSE provider implementation uses the following
     77  * crypto algorithms:
     78  *
     79  * Algorithms that MUST be provided by crypto provider:
     80  *     Mac    HmacMD5
     81  *     Mac    HmacSHA1
     82  *     MessageDigest    MD5
     83  *     MessageDigest    SHA-1
     84  *     CertificateFactory    X509
     85  *
     86  * The cipher suites with RSA key exchange may also require:
     87  *     Cipher    RSA
     88  *     KeyPairGenerator    RSA
     89  *     KeyFactory    RSA
     90  *
     91  * The cipher suites with DH key exchange may also require:
     92  *     Signature    NONEwithDSA
     93  *     KeyPairGenerator    DiffieHellman or DH
     94  *     KeyFactory    DiffieHellman or DH
     95  *     KeyAgreement    DiffieHellman or DH
     96  *     KeyPairGenerator    DiffieHellman or DH
     97  *
     98  * Trust manager implementation requires:
     99  *     CertPathValidator    PKIX
    100  *     CertificateFactory    X509
    101  *
    102  */
    public final class JSSEProvider extends Provider {

        private static final long serialVersionUID = 3075686092260669675L;

        /**
         * Creates the provider under the name {@code "HarmonyJSSE"} (version 1.0)
         * and registers its SSLContext, KeyManagerFactory, TrustManagerFactory and
         * KeyStore service entries.
         */
        public JSSEProvider() {
            super("HarmonyJSSE", 1.0, "Harmony JSSE Provider");

            // Every SSLContext protocol name below resolves to the same class.
            // NOTE(review): "SSL" and "SSLv3" are registered next to "TLS" and
            // "TLSv1"; which protocol versions SSLContextImpl actually enables is
            // not visible here. Confirm SSLv3 is not offered by default.
            final String sslContextClass = SSLContextImpl.class.getName();
            for (String protocol : new String[] {"SSL", "SSLv3", "TLS", "TLSv1"}) {
                put("SSLContext." + protocol, sslContextClass);
            }

            // Key managers: PKIX is the registered algorithm, X509 is an alias for it.
            final String keyManagerFactoryClass = KeyManagerFactoryImpl.class.getName();
            put("KeyManagerFactory.PKIX", keyManagerFactoryClass);
            put("Alg.Alias.KeyManagerFactory.X509", "PKIX");

            // Trust managers follow the same PKIX / X509-alias layout.
            final String trustManagerFactoryClass = TrustManagerFactoryImpl.class.getName();
            put("TrustManagerFactory.PKIX", trustManagerFactoryClass);
            put("Alg.Alias.TrustManagerFactory.X509", "PKIX");

            // KeyStore type "AndroidCAStore" is served by TrustedCertificateKeyStoreSpi.
            final String caStoreClass = TrustedCertificateKeyStoreSpi.class.getName();
            put("KeyStore.AndroidCAStore", caStoreClass);
        }
    }