diff --git a/api/current.txt b/api/current.txt
index 04502f9c2f348..64761652de6b3 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -17451,18 +17451,6 @@ package android.net {
 method public android.net.NetworkRequest.Builder setNetworkSpecifier(java.lang.String);
 }
- public abstract interface PSKKeyManager {
- method public abstract java.lang.String chooseClientKeyIdentity(java.lang.String, java.net.Socket);
- method public abstract java.lang.String chooseClientKeyIdentity(java.lang.String, javax.net.ssl.SSLEngine);
- method public abstract java.lang.String chooseServerKeyIdentityHint(java.net.Socket);
- method public abstract java.lang.String chooseServerKeyIdentityHint(javax.net.ssl.SSLEngine);
- method public abstract javax.crypto.SecretKey getKey(java.lang.String, java.lang.String, java.net.Socket);
- method public abstract javax.crypto.SecretKey getKey(java.lang.String, java.lang.String, javax.net.ssl.SSLEngine);
- field public static final int MAX_IDENTITY_HINT_LENGTH_BYTES = 128; // 0x80
- field public static final int MAX_IDENTITY_LENGTH_BYTES = 128; // 0x80
- field public static final int MAX_KEY_LENGTH_BYTES = 256; // 0x100
- }
-
 public class ParseException extends java.lang.RuntimeException {
 field public java.lang.String response;
 }
@@ -17489,6 +17477,19 @@ package android.net {
 method public void writeToParcel(android.os.Parcel, int);
 }
+ public abstract class PskKeyManager {
+ ctor public PskKeyManager();
+ method public java.lang.String chooseClientKeyIdentity(java.lang.String, java.net.Socket);
+ method public java.lang.String chooseClientKeyIdentity(java.lang.String, javax.net.ssl.SSLEngine);
+ method public java.lang.String chooseServerKeyIdentityHint(java.net.Socket);
+ method public java.lang.String chooseServerKeyIdentityHint(javax.net.ssl.SSLEngine);
+ method public javax.crypto.SecretKey getKey(java.lang.String, java.lang.String, java.net.Socket);
+ method public javax.crypto.SecretKey getKey(java.lang.String, java.lang.String, javax.net.ssl.SSLEngine);
+ field public static final int MAX_IDENTITY_HINT_LENGTH_BYTES = 128; // 0x80
+ field public static final int MAX_IDENTITY_LENGTH_BYTES = 128; // 0x80
+ field public static final int MAX_KEY_LENGTH_BYTES = 256; // 0x100
+ }
+
 public final class RouteInfo implements android.os.Parcelable {
 method public int describeContents();
 method public android.net.IpPrefix getDestination();
diff --git a/core/java/android/net/PSKKeyManager.java b/core/java/android/net/PskKeyManager.java
similarity index 77%
rename from core/java/android/net/PSKKeyManager.java
rename to core/java/android/net/PskKeyManager.java
index e868c4f2ef9f3..d1622823acd99 100644
--- a/core/java/android/net/PSKKeyManager.java
+++ b/core/java/android/net/PskKeyManager.java
@@ -16,6 +16,7 @@ package android.net;
+import com.android.org.conscrypt.PSKKeyManager;
 import java.net.Socket;
 import javax.crypto.SecretKey;
 import javax.net.ssl.SSLEngine;
@@ -40,10 +41,10 @@ import javax.net.ssl.SSLEngine;
 *
 *

Supporting multiple keys

*
- *

A peer may have multiple keys to choose from. To help choose the right key, during the handshake
- * the server can provide a PSK identity hint to the client, and the client can provide a
- * PSK identity to the server. The contents of these two pieces of information are specific
- * to application-level protocols.

+ *

A peer may have multiple keys to choose from. To help choose the right key, during the
+ * handshake the server can provide a PSK identity hint to the client, and the client can
+ * provide a PSK identity to the server. The contents of these two pieces of information
+ * are specific to application-level protocols.

*
 *

NOTE: Both the PSK identity hint and the PSK identity are transmitted in cleartext.
 * Moreover, these data are received and processed prior to peer having been authenticated. Thus,
@@ -76,16 +77,20 @@ import javax.net.ssl.SSLEngine;
 * {@link #MAX_IDENTITY_LENGTH_BYTES} and {@link #MAX_IDENTITY_HINT_LENGTH_BYTES}).
 *

*
+ *

Subclassing

+ * Subclasses should normally provide their own implementation of {@code getKey} because the default
+ * implementation returns no key, which aborts the handshake.
+ *
 *

Example

* The following example illustrates how to create an {@code SSLContext} which enables the use of
 * TLS-PSK in {@code SSLSocket}, {@code SSLServerSocket} and {@code SSLEngine} instances obtained
 * from it.
 *
 {@code
- * PSKKeyManager myPskKeyManager = ...;
+ * PskKeyManager pskKeyManager = ...;
  *
  * SSLContext sslContext = SSLContext.getInstance("TLS");
  * sslContext.init(
- *         new KeyManager[] {myPskKeyManager},
+ *         new KeyManager[] {pskKeyManager},
  *         new TrustManager[0], // No TrustManagers needed for TLS-PSK
  *         null // Use the default source of entropy
  *         );
@@ -93,7 +98,7 @@ import javax.net.ssl.SSLEngine;
  * SSLSocket sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket(...);
  * }
*/
-public interface PSKKeyManager extends com.android.org.conscrypt.PSKKeyManager {
+public abstract class PskKeyManager implements PSKKeyManager {
 // IMPLEMENTATION DETAILS: This class exists only because the default implemenetation of the
 // TLS/SSL JSSE provider (currently Conscrypt) cannot depend on Android framework classes.
 // As a result, this framework class simply extends the PSKKeyManager interface from Conscrypt
@@ -103,61 +108,83 @@ public interface PSKKeyManager extends com.android.org.conscrypt.PSKKeyManager {
 /**
 * Maximum supported length (in bytes) for PSK identity hint (in modified UTF-8 representation).
 */
- int MAX_IDENTITY_HINT_LENGTH_BYTES =
- com.android.org.conscrypt.PSKKeyManager.MAX_IDENTITY_HINT_LENGTH_BYTES;
+ public static final int MAX_IDENTITY_HINT_LENGTH_BYTES =
+ PSKKeyManager.MAX_IDENTITY_HINT_LENGTH_BYTES;
 /** Maximum supported length (in bytes) for PSK identity (in modified UTF-8 representation). */
- int MAX_IDENTITY_LENGTH_BYTES =
- com.android.org.conscrypt.PSKKeyManager.MAX_IDENTITY_LENGTH_BYTES;
+ public static final int MAX_IDENTITY_LENGTH_BYTES = PSKKeyManager.MAX_IDENTITY_LENGTH_BYTES;
 /** Maximum supported length (in bytes) for PSK. */
- int MAX_KEY_LENGTH_BYTES = com.android.org.conscrypt.PSKKeyManager.MAX_KEY_LENGTH_BYTES;
+ public static final int MAX_KEY_LENGTH_BYTES = PSKKeyManager.MAX_KEY_LENGTH_BYTES;
 /**
 * Gets the PSK identity hint to report to the client to help agree on the PSK for the provided
 * socket.
 *
+ *
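Review bot: The `// IMPLEMENTATION DETAILS` comment that follows the new `public abstract class PskKeyManager implements PSKKeyManager {` line still describes the old shape ("this framework class simply extends the PSKKeyManager interface from Conscrypt"), so it is now misleading: the type is an abstract class that implements that interface and supplies default method bodies. Suggest rewording the third comment line to `// As a result, this framework class implements the Conscrypt PSKKeyManager interface and` followed by `// provides default method bodies so that a framework-level type exists for subclasses.`, and fixing the `implemenetation` typo on the first line while touching it. Since the class is abstract, declaring an explicit `protected PskKeyManager() {}` would also make the subclass-only intent visible instead of relying on the implicit public constructor recorded as `ctor public PskKeyManager();` in api/current.txt above. The comment block and the class body continue past the end of this hunk.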

+ * The default implementation returns {@code null}.
+ *
 * @return PSK identity hint to be provided to the client or {@code null} to provide no hint.
 */
 @Override
- String chooseServerKeyIdentityHint(Socket socket);
+ public String chooseServerKeyIdentityHint(Socket socket) {
+ return null;
+ }
 /**
 * Gets the PSK identity hint to report to the client to help agree on the PSK for the provided
 * engine.
 *
+ *

+ * The default implementation returns {@code null}.
+ *
 * @return PSK identity hint to be provided to the client or {@code null} to provide no hint.
 */
 @Override
- String chooseServerKeyIdentityHint(SSLEngine engine);
+ public String chooseServerKeyIdentityHint(SSLEngine engine) {
+ return null;
+ }
 /**
 * Gets the PSK identity to report to the server to help agree on the PSK for the provided
 * socket.
 *
+ *

+ * The default implementation returns an empty string.
+ *
 * @param identityHint identity hint provided by the server or {@code null} if none provided.
 *
 * @return PSK identity to provide to the server. {@code null} is permitted but will be
 * converted into an empty string.
 */
 @Override
- String chooseClientKeyIdentity(String identityHint, Socket socket);
+ public String chooseClientKeyIdentity(String identityHint, Socket socket) {
+ return "";
+ }
 /**
 * Gets the PSK identity to report to the server to help agree on the PSK for the provided
 * engine.
 *
+ *

+ * The default implementation returns an empty string.
+ *
 * @param identityHint identity hint provided by the server or {@code null} if none provided.
 *
 * @return PSK identity to provide to the server. {@code null} is permitted but will be
 * converted into an empty string.
 */
 @Override
- String chooseClientKeyIdentity(String identityHint, SSLEngine engine);
+ public String chooseClientKeyIdentity(String identityHint, SSLEngine engine) {
+ return "";
+ }
 /**
 * Gets the PSK to use for the provided socket.
 *
+ *

+ * The default implementation returns {@code null}.
+ *
 * @param identityHint identity hint provided by the server to help select the key or
 * {@code null} if none provided.
 * @param identity identity provided by the client to help select the key.
@@ -166,11 +193,16 @@ public interface PSKKeyManager extends com.android.org.conscrypt.PSKKeyManager {
 * the handshake.
 */
 @Override
- SecretKey getKey(String identityHint, String identity, Socket socket);
+ public SecretKey getKey(String identityHint, String identity, Socket socket) {
+ return null;
+ }
 /**
 * Gets the PSK to use for the provided engine.
 *
+ *
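Review bot: The javadoc added for `getKey(String identityHint, String identity, Socket socket)` in this hunk documents only the default return value, while the class-level NOTE earlier in the file states that both strings arrive in cleartext before the peer is authenticated; a server-side override therefore receives `identity` straight from an unauthenticated client, and the method documentation should say so where implementers will actually read it. Suggest extending the `@param identity` line to `@param identity identity provided by the client to help select the key. This value is chosen by the unauthenticated remote peer and must be treated as untrusted input, for lookups, logging and error messages alike.` The `MAX_*_LENGTH_BYTES` constants are re-exported from Conscrypt unchanged and nothing in this class enforces them, so what happens when an override returns a hint or identity longer than the limit is not visible here and would need confirming against the Conscrypt side before the javadoc promises anything about it. This hunk starts mid-class and ends inside the getKey javadoc; the method body is in the next hunk.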

+ * The default implementation returns {@code null}.
+ *
 * @param identityHint identity hint provided by the server to help select the key or
 * {@code null} if none provided.
 * @param identity identity provided by the client to help select the key.
@@ -179,5 +211,7 @@ public interface PSKKeyManager extends com.android.org.conscrypt.PSKKeyManager {
 * the handshake.
 */
 @Override
- SecretKey getKey(String identityHint, String identity, SSLEngine engine);
+ public SecretKey getKey(String identityHint, String identity, SSLEngine engine) {
+ return null;
+ }
 }
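Review bot: Both `getKey` overloads now end in `return null;`, and the surrounding javadoc presents `null` as the way to reject an identity by aborting the handshake; on a server, failing at key lookup lets an unauthenticated client learn which PSK identities exist, because an unknown identity then fails at a different point (and possibly with a different alert) than a known identity paired with a wrong key. RFC 4279 allows a server that wants to hide this to proceed as if the identity existed but the key were wrong, so the `getKey` javadoc could add: `Server implementations that do not want to reveal whether {@code identity} is known may return a freshly generated random key of the expected length instead of {@code null}, so that an unknown identity fails the handshake the same way a wrong key does.` Which TLS alert Conscrypt emits on a `null` return is not visible in this diff and would need to be confirmed before the documentation promises a specific failure mode. The fail-closed default itself is correct; the note concerns what subclass authors are steered towards.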