Initial revision

From-SVN: r102074
author: Tom Tromey <tromey@gcc.gnu.org> 2005-07-16 00:30:23 +0000
committer: Tom Tromey <tromey@gcc.gnu.org> 2005-07-16 00:30:23 +0000
commit: f911ba985aa7fe0096c386c5be385ac5825ea527 (patch)
tree: a0b991cf5866ae1d616639b906ac001811d74508 /libjava/classpath/javax/net
parent: 6f4434b39b261de5317dc81ddfdd94d2e1d62b11 (diff)
download: gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.zip
gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.tar.gz
gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.tar.bz2
36 files changed, 4142 insertions, 0 deletions
diff --git a/libjava/classpath/javax/net/ServerSocketFactory.java b/libjava/classpath/javax/net/ServerSocketFactory.java
new file mode 100644
index 0000000..0fc13d1
--- /dev/null
+++ b/libjava/classpath/javax/net/ServerSocketFactory.java
@@ -0,0 +1,122 @@
+/* ServerSocketFactory.java -- factory for server sockets.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+import java.security.Security;
+
+/**
+ * A factory for server sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce server
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) server sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class ServerSocketFactory
+{
+
+  // Constructors.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Default 0-argument constructor.
+   */
+  protected ServerSocketFactory()
+  {
+    super();
+  }
+
+  // Class methods.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Returns the default server socket factory. The type of factory
+   * returned may depend upon the installation.
+   *
+   * @return The default server socket factory.
+   */
+  public static synchronized ServerSocketFactory getDefault()
+  {
+    try
+      {
+        String s = Security.getProperty("gnu.defaultServerSocketFactory");
+        if (s != null)
+          {
+            Class c = Class.forName(s);
+            return (ServerSocketFactory) c.newInstance();
+          }
+      }
+    catch (Exception e)
+      {
+      }
+    return new VanillaServerSocketFactory();
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------------
+
+  /**
+   * Create an unbound server socket.
+   *
+   * @return The new server socket.
+   * @throws IOException If a networking error occurs.
+   */
+  public ServerSocket createServerSocket() throws IOException
+  {
+    throw new UnsupportedOperationException();
+  }
+
+  /**
+   * Create a server socket bound to the given port.
+   *
+   * @param port The port to bind the server socket to.
+   * @return A server socket bound to <i>port</i>.
+   * @throws IOException If a networking error occurs.
+   */
+  public abstract ServerSocket createServerSocket(int port) throws IOException;
+
+  public abstract ServerSocket createServerSocket(int port, int backlog) throws IOException;
+
+  public abstract ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException;
+}
diff --git a/libjava/classpath/javax/net/SocketFactory.java b/libjava/classpath/javax/net/SocketFactory.java
new file mode 100644
index 0000000..945a52b
--- /dev/null
+++ b/libjava/classpath/javax/net/SocketFactory.java
@@ -0,0 +1,157 @@
+/* SocketFactory.java -- factory for client sockets.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import java.security.Security;
+
+/**
+ * A factory for client sockets. The purpose of this class is to serve
+ * as the superclass of server socket factories that produce client
+ * sockets of a particular type, such as <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) sockets.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SocketFactory
+{
+
+  // Constructor.
+  // -------------------------------------------------------------------
+
+  /**
+   * Default 0-arguments constructor.
+   */
+  protected SocketFactory()
+  {
+    super();
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------
+
+  /**
+   * Returns the default socket factory. The type of factory
+   * returned may depend upon the installation.
+   *
+   * @return The default socket factory.
+   */
+  public static synchronized SocketFactory getDefault()
+  {
+    try
+      {
+        String s = Security.getProperty("gnu.defaultSocketFactory");
+        if (s != null)
+          {
+            Class c = Class.forName(s);
+            return (SocketFactory) c.newInstance();
+          }
+      }
+    catch (Exception e)
+      {
+      }
+    return new VanillaSocketFactory();
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------
+
+  /**
+   * Returns an unbound client socket.
+   *
+   * @return The new, unbound socket.
+   */
+  public Socket createSocket() throws IOException
+  {
+    throw new UnsupportedOperationException();
+  }
+
+  /**
+   * Creates a socket connected to a given host on a given port.
+   *
+   * @param host The hostname to connect to.
+   * @param port The port on <i>host</i> to connect to.
+   * @return A socket connected to <i>host</i> on <i>port</i>.
+   * @throws IOException If a network error occurs.
+   * @throws UnknownHostException If <i>host</i> cannot be resolved.
+   */
+  public abstract Socket createSocket(String host, int port) throws IOException, UnknownHostException;
+
+  /**
+   * Creates a socket connected to a given host on a given port,
+   * connecting locally to the interface with the given address and port.
+   *
+   * @param host The hostname to connect to.
+   * @param port The port on <i>host</i> to connect to.
+   * @param localHost The address of the local interface to bind to.
+   * @param localPort The local port to bind to.
+   * @return A socket connected to <i>host</i> on <i>port</i>.
+   * @throws IOException If a network error occurs.
+   * @throws UnknownHostException If <i>host</i> cannot be resolved.
+   */
+  public abstract Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException;
+
+  /**
+   * Creates a socket connected to a given host on a given port.
+   *
+   * @param host The host address to connect to.
+   * @param port The port on <i>host</i> to connect to.
+   * @return A socket connected to <i>host</i> on <i>port</i>.
+   * @throws IOException If a network error occurs.
+   */
+  public abstract Socket createSocket(InetAddress host, int port) throws IOException;
+
+  /**
+   * Creates a socket connected to a given host on a given port,
+   * connecting locally to the interface with the given address and port.
+   *
+   * @param host The host address  to connect to.
+   * @param port The port on <i>host</i> to connect to.
+   * @param localHost The address of the local interface to bind to.
+   * @param localPort The local port to bind to.
+   * @return A socket connected to <i>host</i> on <i>port</i>.
+   * @throws IOException If a network error occurs.
+   */
+  public abstract Socket createSocket(InetAddress hast, int port, InetAddress localHost, int localPort) throws IOException;
+}
diff --git a/libjava/classpath/javax/net/VanillaServerSocketFactory.java b/libjava/classpath/javax/net/VanillaServerSocketFactory.java
new file mode 100644
index 0000000..f6e4dc8
--- /dev/null
+++ b/libjava/classpath/javax/net/VanillaServerSocketFactory.java
@@ -0,0 +1,82 @@
+/* VanillaServerSocketFactory.java -- trivial socket factory.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A trivial server socket factory.
+ */
+class VanillaServerSocketFactory extends ServerSocketFactory
+{
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  VanillaServerSocketFactory()
+  {
+    super();
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------
+
+  public ServerSocket createServerSocket() throws IOException
+  {
+    return new ServerSocket();
+  }
+
+  public ServerSocket createServerSocket(int port) throws IOException
+  {
+    return new ServerSocket(port);
+  }
+
+  public ServerSocket createServerSocket(int port, int backlog) throws IOException
+  {
+    return new ServerSocket(port, backlog);
+  }
+
+  public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddress) throws IOException
+  {
+    return new ServerSocket(port, backlog, bindAddress);
+  }
+}
diff --git a/libjava/classpath/javax/net/VanillaSocketFactory.java b/libjava/classpath/javax/net/VanillaSocketFactory.java
new file mode 100644
index 0000000..5fffe10
--- /dev/null
+++ b/libjava/classpath/javax/net/VanillaSocketFactory.java
@@ -0,0 +1,88 @@
+/* VanillaSocketFactory.java -- trivial socket factory.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A trivial client socket factory.
+ */
+class VanillaSocketFactory extends SocketFactory
+{
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  VanillaSocketFactory()
+  {
+    super();
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------
+
+  public Socket createSocket() throws IOException
+  {
+    return new Socket();
+  }
+
+  public Socket createSocket(String host, int port) throws IOException, UnknownHostException
+  {
+    return new Socket(host, port);
+  }
+
+  public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException, UnknownHostException
+  {
+    return new Socket(host, port, localAddr, localPort);
+  }
+
+  public Socket createSocket(InetAddress address, int port) throws IOException
+  {
+    return new Socket(address, port);
+  }
+
+  public Socket createSocket(InetAddress address, int port, InetAddress localAddr, int localPort) throws IOException
+  {
+    return new Socket(address, port, localAddr, localPort);
+  }
+}
diff --git a/libjava/classpath/javax/net/package.html b/libjava/classpath/javax/net/package.html
new file mode 100644
index 0000000..d9964d3
--- /dev/null
+++ b/libjava/classpath/javax/net/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.net package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.net</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
new file mode 100644
index 0000000..743f137
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedEvent.java
@@ -0,0 +1,152 @@
+/* HandshakeCompletedEvent.java -- SSL handshake completed.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+
+import javax.security.cert.X509Certificate;
+
+/**
+ * An event raised by a SSLSocket and passed to the {@link
+ * HandshakeCompletedListener#handshakeCompleted(HandshakeCompletedEvent)}
+ * method of all registered listeners when a SSL handshake in a SSL
+ * protocol is completed.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class HandshakeCompletedEvent extends java.util.EventObject
+{
+  // Fields.
+  // -------------------------------------------------------------------
+
+  /** Serialization constant. */
+  private static final long serialVersionUID = 7914963744257769778L;
+
+  /** The session. */
+  private final transient SSLSession session;
+
+  // Constructor.
+  // -------------------------------------------------------------------
+
+  /**
+   * Creates a new handshake completed event.
+   *
+   * @param socket The socket (also the source) creating this event.
+   * @param session The associated session object.
+   * @throws NullPointerException If <i>session</i> is null.
+   */
+  public HandshakeCompletedEvent(SSLSocket socket, SSLSession session)
+  {
+    super(socket);
+    if (session == null)
+      throw new NullPointerException();
+    this.session = session;
+  }
+
+  // Instance methods.
+  // --------------------------------------------------------------------
+
+  /**
+   * Returns the name of the cipher that was negotiated in this
+   * connection.
+   *
+   * @return The negotiated cipher name.
+   */
+  public String getCipherSuite()
+  {
+    if (session != null)
+      return session.getCipherSuite();
+    return null;
+  }
+
+  /**
+   * Returns the local certificates being used in this connection.
+   *
+   * @return The local certificates.
+   */
+  public Certificate[] getLocalCertificates()
+  {
+    if (session != null)
+      return session.getLocalCertificates();
+    return null;
+  }
+
+  /**
+   * Returns the peer's certificates being used in this connection.
+   *
+   * @return The peer's certificates.
+   * @throws SSLPeerUnverifiedException If the peer has not been
+   *   verified.
+   */
+  public Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException
+  {
+    if (session != null)
+      return session.getPeerCertificates();
+    return null;
+  }
+
+  public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
+  {
+    if (session != null)
+      return session.getPeerCertificateChain();
+    return null;
+  }
+
+  /**
+   * Returns the SSL session object associated with this connection.
+   *
+   * @return The session object.
+   */
+  public SSLSession getSession()
+  {
+    return session;
+  }
+
+  /**
+   * Returns the socket over which this connection is being
+   * negotiated. This method is equivalent to the {@link
+   * java.util.EventObject#getSource()} method.
+   *
+   * @return The socket.
+   */
+  public SSLSocket getSocket()
+  {
+    return (SSLSocket) getSource();
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
new file mode 100644
index 0000000..98584f2
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HandshakeCompletedListener.java
@@ -0,0 +1,57 @@
+/* HandshakeCompletedListener.java -- listens for handshake events.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An event listener that waits to be notified of {@link
+ * HandshakeCompletedEvent} objects created when handshake phase of
+ * the SSL protocol is completed for a particular connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HandshakeCompletedListener extends java.util.EventListener
+{
+
+  /**
+   * Called when the handshake phase of the SSL protocol completes.
+   *
+   * @param event The event describing the new connection.
+   */
+  void handshakeCompleted(HandshakeCompletedEvent event);
+}
diff --git a/libjava/classpath/javax/net/ssl/HostnameVerifier.java b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
new file mode 100644
index 0000000..4b04656
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HostnameVerifier.java
@@ -0,0 +1,64 @@
+/* HostnameVerifier.java -- verifies disparate hostnames.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * The interface for classes that perform hostname verification for cases
+ * when the hostname used to begin the connection (such as in a URL)
+ * does not match the hostname used in the SSL handshake.
+ * Implementations of this interface should provide an implementation
+ * of the {@link #verify(java.lang.String,javax.net.ssl.SSLSession)}
+ * method that accepts or rejects hostnames as appropriate.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface HostnameVerifier
+{
+
+  /**
+   * Verifies a hostname given a particular SSL session. This method
+   * should return <code>true</code> if the hostname is an accepted
+   * alias for the hostname negotiated in the SSL handshake.
+   *
+   * @param hostname The hostname in question.
+   * @param session  The current SSL session.
+   * @return <code>true</code> if the hostname is acceptable.
+   */
+  boolean verify(String hostname, SSLSession session);
+}
diff --git a/libjava/classpath/javax/net/ssl/HttpsURLConnection.java b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
new file mode 100644
index 0000000..4c73edb
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/HttpsURLConnection.java
@@ -0,0 +1,280 @@
+/* HttpsURLConnection.java -- an HTTPS connection.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.security.cert.Certificate;
+
+/**
+ * A URL connection that connects via the <i>Secure Socket Layer</i>
+ * (<b>SSL</b>) for HTTPS connections.
+ *
+ * <p>This class may be used in the same way as {@link
+ * HttpURLConnection}, and it will transparently negotiate the SSL
+ * connection.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class HttpsURLConnection extends HttpURLConnection
+{
+
+  // Fields.
+  // ------------------------------------------------------------------
+
+  /**
+   * The default verifier.
+   * This is lazily initialized as required.
+   * @see #getDefaultHostnameVerifier
+   */
+  private static HostnameVerifier defaultVerifier;
+
+  /**
+   * The default factory.
+   * This is lazily initialized as required.
+   * @see #getDefaultSSLSocketFactory
+   */
+  private static SSLSocketFactory defaultFactory;
+
+  /**
+   * The hostname verifier used for this connection.
+   */
+  protected HostnameVerifier hostnameVerifier;
+
+  /**
+   * This connection's socket factory.
+   */
+  private SSLSocketFactory factory;
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  /**
+   * Creates a new HTTPS URL connection.
+   *
+   * @param url The URL of the connection being established.
+   * @throws IOException If the connection cannot be established.
+   */
+  protected HttpsURLConnection(URL url) throws IOException
+  {
+    super(url);
+  }
+
+  // Class methods.
+  // ------------------------------------------------------------------
+
+  /**
+   * Returns the default hostname verifier used in all new
+   * connections.
+   * If the default verifier has not been set, a new default one will be
+   * provided by this method.
+   *
+   * @return The default hostname verifier.
+   */
+  public static synchronized HostnameVerifier getDefaultHostnameVerifier()
+  {
+    if (defaultVerifier == null)
+      {
+        defaultVerifier = new TrivialHostnameVerifier();
+      }
+    return defaultVerifier;
+  }
+
+  /**
+   * Sets the default hostname verifier to be used in all new
+   * connections.
+   *
+   * @param newDefault The new default hostname verifier.
+   * @throws IllegalArgumentException If <i>newDefault</i> is null.
+   * @throws SecurityException If there is a security manager
+   *   currently installed and the caller does not have the {@link
+   *   SSLPermission} "setHostnameVerifier".
+   */
+  public static void setDefaultHostnameVerifier(HostnameVerifier newDefault)
+  {
+    if (newDefault == null)
+      throw new IllegalArgumentException("default verifier cannot be null");
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkPermission(new SSLPermission("setHostnameVerifier"));
+    synchronized (HttpsURLConnection.class)
+      {
+        defaultVerifier = newDefault;
+      }
+  }
+
+  /**
+   * Returns the default SSL socket factory used in all new
+   * connections.
+   * If the default SSL socket factory has not been set, a new default one
+   * will be provided by this method.
+   *
+   * @return The default SSL socket factory.
+   */
+  public static synchronized SSLSocketFactory getDefaultSSLSocketFactory()
+  {
+    if (defaultFactory == null)
+      {
+        try
+          {
+            defaultFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+          }
+        catch (Throwable t)
+          {
+            t.printStackTrace();
+          }
+      }
+    return defaultFactory;
+  }
+
+  /**
+   * Sets the default SSL socket factory to be used in all new
+   * connections.
+   *
+   * @param newDefault The new socket factory.
+   * @throws IllegalArgumentException If <i>newDefault</i> is null.
+   * @throws SecurityException If there is a security manager
+   *   installed and a call to {@link
+   *   SecurityManager#checkSetFactory()} fails.
+   */
+  public static void setDefaultSSLSocketFactory(SSLSocketFactory newDefault)
+  {
+    if (newDefault == null)
+      throw new IllegalArgumentException("default factory cannot be null");
+    SecurityManager sm = System.getSecurityManager();
+    if (sm != null)
+      sm.checkSetFactory();
+    synchronized (HttpsURLConnection.class)
+      {
+        defaultFactory = newDefault;
+      }
+  }
+
+  // Instance methods.
+  // ------------------------------------------------------------------
+
+  /**
+   * Returns the current hostname verifier for this instance.
+   *
+   * @return The hostname verifier.
+   */
+  public HostnameVerifier getHostnameVerifier()
+  {
+    if (hostnameVerifier == null)
+      {
+        hostnameVerifier = getDefaultHostnameVerifier();
+      }
+    return hostnameVerifier;
+  }
+
+  /**
+   * Sets the hostname verifier for this instance.
+   *
+   * @param hostnameVerifier The new verifier.
+   * @throws IllegalArgumentException If <i>hostnameVerifier</i> is
+   *   null.
+   */
+  public void setHostnameVerifier(HostnameVerifier hostnameVerifier)
+  {
+    if (hostnameVerifier == null)
+      throw new IllegalArgumentException("verifier cannot be null");
+    this.hostnameVerifier = hostnameVerifier;
+  }
+
+  /**
+   * Returns the current SSL socket factory for this instance.
+   *
+   * @return The current SSL socket factory.
+   */
+  public SSLSocketFactory getSSLSocketFactory()
+  {
+    if (factory == null)
+      {
+        factory = getDefaultSSLSocketFactory();
+      }
+    return factory;
+  }
+
+  /**
+   * Sets the SSL socket factory for this instance.
+   *
+   * @param factory The new factory.
+   * @throws IllegalArgumentException If <i>factory</i> is null.
+   */
+  public void setSSLSocketFactory(SSLSocketFactory factory)
+  {
+    if (factory == null)
+      throw new IllegalArgumentException("factory cannot be null");
+    this.factory = factory;
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------
+
+  /**
+   * Returns the cipher name negotiated for this connection.
+   *
+   * @return The cipher name.
+   * @throws IllegalStateException If the connection has not yet been
+   *   established.
+   */
+  public abstract String getCipherSuite();
+
+  /**
+   * Returns the certificates used on the local side in this
+   * connection.
+   *
+   * @return The local certificates.
+   * @throws IllegalStateException If the connection has not yet been
+   *  established.
+   */
+  public abstract Certificate[] getLocalCertificates();
+
+  /**
+   * Returns the certificates sent by the other party.
+   *
+   * @return The peer's certificates.
+   * @throws IllegalStateException If the connection has not yet been
+   *   established.
+   * @throws SSLPeerUnverifiedException If the peer could not be
+   *   verified.
+   */
+  public abstract Certificate[] getServerCertificates() throws SSLPeerUnverifiedException;
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManager.java b/libjava/classpath/javax/net/ssl/KeyManager.java
new file mode 100644
index 0000000..688faa5
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManager.java
@@ -0,0 +1,51 @@
+/* KeyManager.java -- marker interface for key manager classes.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for objects that serve as key managers in SSL
+ * communications. Key managers typically keep track of the public
+ * certificates and private keys when authenticating the local host to
+ * remote host, and thus is typically used in SSL servers.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface KeyManager
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactory.java b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
new file mode 100644
index 0000000..ab8abd6
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactory.java
@@ -0,0 +1,280 @@
+/* KeyManagerFactory.java -- factory for key managers.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * A class that creates key manager implementations based on a
+ * requested algorithm.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class KeyManagerFactory
+{
+
+  // Constants and fields.
+  // ------------------------------------------------------------------
+
+  /** The service name for key manager factories. */
+  private static final String KEY_MANAGER_FACTORY = "KeyManagerFactory";
+
+  /** The system default trust manager algorithm. */
+  private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+  /** The underlying engine. */
+  private final KeyManagerFactorySpi kmfSpi;
+
+  /** The provider of this implementation. */
+  private final Provider provider;
+
+  /** The name of this algorithm. */
+  private final String algorithm;
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  /**
+   * Create a new key manager factory.
+   *
+   * @param kmfSpi The underlying engine.
+   * @param provider The engine's provider.
+   * @param algorithm The name of this algorithm.
+   */
+  protected KeyManagerFactory(KeyManagerFactorySpi kmfSpi,
+                              Provider provider, String algorithm)
+  {
+    this.kmfSpi = kmfSpi;
+    this.provider = provider;
+    this.algorithm = algorithm;
+  }
+
+  // Class methods.
+  // ------------------------------------------------------------------
+
+  /**
+   * Get the default algorithm name. This value may be specified at
+   * run-time via the security property
+   * "ssl.KeyManagerFactory.algorithm". If this property is
+   * not specified, this method returns "JessieX509".
+   *
+   * @return The default key manager factory algorithm's name.
+   */
+  public static final String getDefaultAlgorithm()
+  {
+    String alg = null;
+    try
+      {
+        alg = (String) AccessController.doPrivileged(
+          new PrivilegedAction()
+          {
+            public Object run()
+            {
+              return Security.getProperty("ssl.KeyManagerFactory.algorithm");
+            }
+          }
+        );
+      }
+    catch (SecurityException se)
+      {
+      }
+    if (alg == null)
+      alg = DEFAULT_ALGORITHM;
+    return alg;
+  }
+
+  /**
+   * Get an instance of the named key manager factory, from the first
+   * provider that implements it.
+   *
+   * @param algorithm The type of key manager factory to get.
+   * @return An appropriate implementation of that algoritm.
+   * @throws NoSuchAlgorithmException If no provider implements the
+   *   requested algorithm.
+   */
+  public static final KeyManagerFactory getInstance(String algorithm)
+    throws NoSuchAlgorithmException
+  {
+    Provider[] provs = Security.getProviders();
+    for (int i = 0; i < provs.length; i++)
+      {
+        try
+          {
+            return getInstance(algorithm, provs[i]);
+          }
+        catch (NoSuchAlgorithmException ignore)
+          {
+          }
+      }
+    throw new NoSuchAlgorithmException(algorithm);
+  }
+
+  /**
+   * Get an instance of the named key manager factory, from the named
+   * provider.
+   *
+   * @param algorithm The type of key manager factory to get.
+   * @param provider The name of the provider to get the
+   *   implementation from.
+   * @return An appropriate implementation of that algorithm.
+   * @throws NoSuchAlgorithmException If the provider does not
+   *   implement the requested algorithm.
+   * @throws NoSuchProviderException If the named provider does not
+   *   exist.
+   */
+  public static final KeyManagerFactory getInstance(String algorithm, String provider)
+    throws NoSuchAlgorithmException, NoSuchProviderException
+  {
+    if (provider == null)
+      throw new IllegalArgumentException("provider is null");
+    Provider p = Security.getProvider(provider);
+    if (p == null)
+      throw new NoSuchProviderException(provider);
+    return getInstance(algorithm, p);
+  }
+
+  /**
+   * Get an instance of the named key manager factory, from the given
+   * provider.
+   *
+   * @param algorithm The type of key manager factory to get.
+   * @param provider The provider to get the implementation from.
+   * @return An appropriate implementation of that algorithm.
+   * @throws NoSuchAlgorithmException If the provider does not
+   *   implement the requested algorithm.
+   * @throws IllegalArgumentException If <i>provider</i> is null.
+   */
+  public static final KeyManagerFactory getInstance(String algorithm, Provider provider)
+    throws NoSuchAlgorithmException
+  {
+    if (provider == null)
+      throw new IllegalArgumentException("provider is null");
+    try
+      {
+        return new KeyManagerFactory((KeyManagerFactorySpi)
+          Engine.getInstance(KEY_MANAGER_FACTORY, algorithm, provider),
+          provider, algorithm);
+      }
+    catch (InvocationTargetException ite)
+      {
+        throw new NoSuchAlgorithmException(algorithm);
+      }
+    catch (ClassCastException cce)
+      {
+        throw new NoSuchAlgorithmException(algorithm);
+      }
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------
+
+  /**
+   * Returns the name of this key manager factory algorithm.
+   *
+   * @return The name of this key manager factory algorithm.
+   */
+  public final String getAlgorithm()
+  {
+    return algorithm;
+  }
+
+  /**
+   * Get an array of key managers appropriate for this algorithm, with
+   * the most preferred manager first.
+   *
+   * @return The array of key managers.
+   */
+  public final KeyManager[] getKeyManagers()
+  {
+    return kmfSpi.engineGetKeyManagers();
+  }
+
+  /**
+   * Returns the provider of this implementation.
+   *
+   * @return The provider of this implementation.
+   */
+  public final Provider getProvider()
+  {
+    return provider;
+  }
+
+  /**
+   * Initialize this instance with an implementation-dependent
+   * parameter object.
+   *
+   * @param params The parameters to initialize with.
+   * @throws InvalidAlgorithmParameterException If the specified
+   *   parameters are inappropriate.
+   */
+  public final void init(ManagerFactoryParameters params)
+    throws InvalidAlgorithmParameterException
+  {
+    kmfSpi.engineInit(params);
+  }
+
+  /**
+   * Initialize this instance with a key store and a password for
+   * private key entries.
+   *
+   * @param store The key store to read.
+   * @param passwd The password protecting private keys in the store.
+   * @throws KeyStoreException If an error occurs reading the keys.
+   * @throws NoSuchAlgorithmException If an algorithm (such as a
+   *   certificate algorithm) is not available.
+   * @throws UnrecoverableKeyException If the password is incorrect.
+   */
+  public final void init(KeyStore store, char[] passwd)
+    throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
+  {
+    kmfSpi.engineInit(store, passwd);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java
new file mode 100644
index 0000000..a74bcee
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/KeyManagerFactorySpi.java
@@ -0,0 +1,102 @@
+/* KeyManagerFactorySpi.java -- SPI for key manager factories.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for key manager
+ * factories.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class KeyManagerFactorySpi
+{
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  public KeyManagerFactorySpi()
+  {
+    super();
+  }
+
+  // Abstract methods.
+  // ------------------------------------------------------------------
+
+  /**
+   * Engine method for retrieving this factory's key managers.
+   *
+   * @return The key managers.
+   */
+  protected abstract KeyManager[] engineGetKeyManagers();
+
+  /**
+   * Engine method for initializing this factory with some
+   * algorithm-specific parameters.
+   *
+   * @param params The factory parameters.
+   * @throws InvalidAlgorithmParameterException If the supplied parameters
+   *   are inappropriate for this instance.
+   */
+  protected abstract void engineInit(ManagerFactoryParameters params)
+    throws InvalidAlgorithmParameterException;
+
+  /**
+   * Engine method for initializing this factory with a key store and a
+   * password for private keys. Either parameter may be <code>null</code>,
+   * in which case some default parameters (possibly derived from system
+   * properties) should be used.
+   *
+   * @param store The key store.
+   * @param passwd The private key password.
+   * @throws KeyStoreException If the key store cannot be accessed.
+   * @throws NoSuchAlgorithmException If some of the data from the key
+   *   store cannot be retrieved.
+   * @throws UnrecoverableKeyException If a private key cannot be retrieved,
+   *   likely from a wrong password.
+   */
+  protected abstract void engineInit(KeyStore store, char[] passwd)
+    throws KeyStoreException, NoSuchAlgorithmException,
+           UnrecoverableKeyException;
+}
diff --git a/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java
new file mode 100644
index 0000000..59c9215
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/ManagerFactoryParameters.java
@@ -0,0 +1,50 @@
+/* ManagerFactoryParameters.java -- marker interface for manager parameters.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that serve as key or trust manager
+ * parameters, used to initialize instances of {@link
+ * KeyManagerFactory} or {@link TrustManagerFactory}.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface ManagerFactoryParameters
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLContext.java b/libjava/classpath/javax/net/ssl/SSLContext.java
new file mode 100644
index 0000000..eaf3e36
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContext.java
@@ -0,0 +1,267 @@
+/* SSLContext.java -- an SSL protocol context.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+
+/**
+ * A "meta-factory" for protocol-specific socket and server socket
+ * factories. This class serves as a clearinghouse for socket
+ * factories and cached session contexts for a particular protocol,
+ * such as SSLv3.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLContext
+{
+  // Constants and fields.
+  // ------------------------------------------------------------------
+
+  /** Service name for SSL contexts. */
+  private static final String SSL_CONTEXT = "SSLContext";
+
+  /** The underlying engine. */
+  private final SSLContextSpi ctxSpi;
+
+  /** The provider of the engine class. */
+  private final Provider provider;
+
+  /** The protocal name. */
+  private final String protocol;
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  /**
+   * Create a new SSL context.
+   *
+   * @param ctxSpi The context engine.
+   * @param provider The provider of the implementation.
+   * @param protocol The name of the SSL protocol.
+   */
+  protected SSLContext(SSLContextSpi ctxSpi, Provider provider,
+                       String protocol)
+  {
+    this.ctxSpi = ctxSpi;
+    this.provider = provider;
+    this.protocol = protocol;
+  }
+
+  // Class methods.
+  // ------------------------------------------------------------------
+
+  /**
+   * Get an instance of a context for the specified protocol from the
+   * first provider that implements it.
+   *
+   * @param protocol The name of the protocol to get a context for.
+   * @return The new context.
+   * @throws NoSuchAlgorithm If no provider implements the given
+   *   protocol.
+   */
+  public static final SSLContext getInstance(String protocol)
+    throws NoSuchAlgorithmException
+  {
+    Provider[] provs = Security.getProviders();
+    for (int i = 0; i < provs.length; i++)
+      {
+        try
+          {
+            return getInstance(protocol, provs[i]);
+          }
+        catch (NoSuchAlgorithmException ignore)
+          {
+          }
+      }
+    throw new NoSuchAlgorithmException(protocol);
+  }
+
+  /**
+   * Get an instance of a context for the specified protocol from the
+   * named provider.
+   *
+   * @param protocol The name of the protocol to get a context for.
+   * @param provider The name of the provider to get the
+   *   implementation from.
+   * @return The new context.
+   * @throws NoSuchAlgorithmException If the provider does not
+   *   implement the given protocol.
+   * @throws NoSuchProviderException If the named provider does not
+   *   exist.
+   * @throws IllegalArgumentException If <i>provider</i> is null.
+   */
+  public static final SSLContext getInstance(String protocol,
+                                             String provider)
+    throws NoSuchAlgorithmException, NoSuchProviderException
+  {
+    if (provider == null)
+      {
+        throw new IllegalArgumentException("null provider");
+      }
+    Provider p = Security.getProvider(provider);
+    if (p == null)
+      {
+        throw new NoSuchProviderException(provider);
+      }
+    return getInstance(protocol, p);
+  }
+
+  /**
+   * Get an instance of a context for the specified protocol from the
+   * specified provider.
+   *
+   * @param protocol The name of the protocol to get a context for.
+   * @param provider The name of the provider to get the
+   *   implementation from.
+   * @return The new context.
+   * @throws NoSuchAlgorithmException If the provider does not
+   *   implement the given protocol.
+   * @throws IllegalArgumentException If <i>provider</i> is null.
+   */
+  public static final SSLContext getInstance(String protocol,
+                                             Provider provider)
+    throws NoSuchAlgorithmException
+  {
+    try
+      {
+        return new SSLContext((SSLContextSpi)
+          Engine.getInstance(SSL_CONTEXT, protocol, provider),
+          provider, protocol);
+      }
+    catch (InvocationTargetException ite)
+      {
+        NoSuchAlgorithmException nsae = new NoSuchAlgorithmException(protocol);
+        throw (NoSuchAlgorithmException) nsae.initCause(ite);
+      }
+    catch (ClassCastException cce)
+      {
+        NoSuchAlgorithmException nsae = new NoSuchAlgorithmException(protocol);
+        throw (NoSuchAlgorithmException) nsae.initCause(cce);
+      }
+  }
+
+  // Instance methods.
+  // -----------------------------------------------------------------
+
+  /**
+   * Returns the set of SSL contexts available for client connections.
+   *
+   * @return The set of SSL contexts available for client connections.
+   */
+  public final SSLSessionContext getClientSessionContext()
+  {
+    return ctxSpi.engineGetClientSessionContext();
+  }
+
+  /**
+   * Returns the protocol name of this context.
+   *
+   * @return The protocol name of this context.
+   */
+  public final String getProtocol()
+  {
+    return protocol;
+  }
+
+  /**
+   * Returns the provider of this implementation.
+   *
+   * @return The provider of this implementation.
+   */
+  public final Provider getProvider()
+  {
+    return provider;
+  }
+
+  /**
+   * Returns the set of SSL contexts available for server connections.
+   *
+   * @return The set of SSL contexts available for server connections.
+   */
+  public final SSLSessionContext getServerSessionContext()
+  {
+    return ctxSpi.engineGetServerSessionContext();
+  }
+
+  /**
+   * Returns the factory for server SSL sockets.
+   *
+   * @return The factory for server SSL sockets.
+   */
+  public final SSLServerSocketFactory getServerSocketFactory()
+  {
+    return ctxSpi.engineGetServerSocketFactory();
+  }
+
+  /**
+   * Returns the factory for client SSL sockets.
+   *
+   * @return The factory for client SSL sockets.
+   */
+  public final SSLSocketFactory getSocketFactory()
+  {
+    return ctxSpi.engineGetSocketFactory();
+  }
+
+  /**
+   * Initializes this context and prepares it for producing socket
+   * factories. All of the parameters are optional; default values are
+   * used if left unspecified.
+   *
+   * @param keyManagers The set of key managers to use.
+   * @param trustManagers The set of trust managers to use.
+   * @param random A source of random bits to use.
+   * @throws KeyManagementException If initialization fails.
+   */
+  public final void init(KeyManager[] keyManagers,
+                         TrustManager[] trustManagers,
+                         SecureRandom random)
+    throws KeyManagementException
+  {
+    ctxSpi.engineInit(keyManagers, trustManagers, random);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLContextSpi.java b/libjava/classpath/javax/net/ssl/SSLContextSpi.java
new file mode 100644
index 0000000..a6b0c75
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLContextSpi.java
@@ -0,0 +1,109 @@
+/* SSLContextSpi.java -- SPI for SSL contexts.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyManagementException;
+import java.security.SecureRandom;
+
+/**
+ * The <i>Service Provider Interface</i> (<b>SPI</b>) for SSLContext
+ * objects.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public abstract class SSLContextSpi
+{
+
+  // Constructor.
+  // -------------------------------------------------------------------
+
+  /**
+   * Create a new SSLContextSpi.
+   */
+  public SSLContextSpi()
+  {
+    super();
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------
+
+  /**
+   * Returns the set of SSL sessions available for client connections.
+   *
+   * @return The set of SSL sessions available for client connections.
+   */
+  protected abstract SSLSessionContext engineGetClientSessionContext();
+
+  /**
+   * Returns the set of SSL sessions available for server connections.
+   *
+   * @return The set of SSL sessions available for server connections.
+   */
+  protected abstract SSLSessionContext engineGetServerSessionContext();
+
+  /**
+   * Returns the SSL server socket factory.
+   *
+   * @return The SSL server socket factory.
+   */
+  protected abstract SSLServerSocketFactory engineGetServerSocketFactory();
+
+  /**
+   * Returns the SSL client socket factory.
+   *
+   * @return The SSL client socket factory.
+   */
+  protected abstract SSLSocketFactory engineGetSocketFactory();
+
+  /**
+   * Initialize this context with key and trust managers, and a source
+   * of randomness. All of the parameters are optional.
+   *
+   * @param keyManagers The set of key managers.
+   * @param trustManagers The set of trust managers.
+   * @param random The source of randomness.
+   * @throws KeyManagementException If this context cannot be
+   *   initialized with these parameters.
+   */
+  protected abstract void engineInit(KeyManager[] keyManagers,
+                                     TrustManager[] trustManagers,
+                                     SecureRandom random)
+    throws KeyManagementException;
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLException.java b/libjava/classpath/javax/net/ssl/SSLException.java
new file mode 100644
index 0000000..91d4cb7
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLException.java
@@ -0,0 +1,59 @@
+/* SSLException.java -- generic SSL exception.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+/**
+ * The superclass of all possible SSL exceptions. Usually, a specific
+ * exception is thrown instead of this exception.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public class SSLException extends IOException
+{
+
+  // Constructor.
+  // ------------------------------------------------------------------
+
+  public SSLException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLHandshakeException.java b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
new file mode 100644
index 0000000..2572d3b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLHandshakeException.java
@@ -0,0 +1,51 @@
+/* SSLHandshakeException.java -- exception in SSL handshake.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception that signals an error in the SSL handshake phase.
+ */
+public class SSLHandshakeException extends SSLException
+{
+
+  public SSLHandshakeException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLKeyException.java b/libjava/classpath/javax/net/ssl/SSLKeyException.java
new file mode 100644
index 0000000..bab4727
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLKeyException.java
@@ -0,0 +1,52 @@
+/* SSLKeyException.java -- exception in using a key in SSL.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception signaling a problem using a public or private key in
+ * an SSL communication.
+ */
+public class SSLKeyException extends SSLException
+{
+
+  public SSLKeyException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
new file mode 100644
index 0000000..c53fcdf
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPeerUnverifiedException.java
@@ -0,0 +1,51 @@
+/* SSLPeerUnverifiedException.java -- unverified peer exception.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when the remote peer could not be verified.
+ */
+public class SSLPeerUnverifiedException extends SSLException
+{
+
+  public SSLPeerUnverifiedException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLPermission.java b/libjava/classpath/javax/net/ssl/SSLPermission.java
new file mode 100644
index 0000000..4b1e295
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLPermission.java
@@ -0,0 +1,66 @@
+/* SSLPermission.java -- SSL permission class.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.BasicPermission;
+
+/**
+ * A permission used for accessing SSL classes.
+ */
+public final class SSLPermission extends BasicPermission
+{
+
+  // Constant.
+  // -------------------------------------------------------------------------
+
+  private static final long serialVersionUID = -3456898025505876775L;
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  public SSLPermission(String name)
+  {
+    super(name);
+  }
+
+  public SSLPermission(String name, String actions)
+  {
+    super(name, actions);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLProtocolException.java b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
new file mode 100644
index 0000000..5f9f327
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLProtocolException.java
@@ -0,0 +1,53 @@
+/* SSLProtocolException.java -- exception in SSL protocol.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * An exception thrown when a fatal protocol error is encountered. This
+ * exception usually indicates some serious problem with the local or
+ * remote SSL implementation.
+ */
+public class SSLProtocolException extends SSLException
+{
+
+  public SSLProtocolException(String message)
+  {
+    super(message);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocket.java b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
new file mode 100644
index 0000000..5748c07
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLServerSocket.java
@@ -0,0 +1,188 @@
+/* SSLServerSocket.java -- a server socket for SSL connections.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+
+import java.net.InetAddress;
+import java.net.ServerSocket;
+
+/**
+ * A server socket that allows clients to connect via the SSL protocol.
+ */
+public abstract class SSLServerSocket extends ServerSocket
+{
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  protected SSLServerSocket() throws IOException
+  {
+    super();
+    //super(0);
+    //throw new UnsupportedOperationException("1.4 socket methods not enabled");
+  }
+
+  protected SSLServerSocket(int port) throws IOException
+  {
+    super(port);
+  }
+
+  protected SSLServerSocket(int port, int backlog) throws IOException
+  {
+    super(port, backlog);
+  }
+
+  protected SSLServerSocket(int port, int backlog, InetAddress bindAddress)
+    throws IOException
+  {
+    super(port, backlog, bindAddress);
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns the list of cihper suites that are currently enabled in this
+   * server socket. Sockets accepted by this server socket will only have
+   * these suites enabled.
+   *
+   * @return The enabled cipher suites.
+   */
+  public abstract String[] getEnabledCipherSuites();
+
+  /**
+   * Sets the list enabled cipher suites.
+   *
+   * @param suites The cipher suites to enable.
+   */
+  public abstract void setEnabledCipherSuites(String[] suites);
+
+  /**
+   * Returns the list of enabled protocols, such as "SSLv3" and "TLSv1".
+   *
+   * @return The enabled protocols.
+   */
+  public abstract String[] getEnabledProtocols();
+
+  /**
+   * Sets the list of enabled protocols.
+   *
+   * @param protocols The list of protocols to enable.
+   */
+  public abstract void setEnabledProtocols(String[] protocols);
+
+  /**
+   * Returns whether or not sessions will be created, i.e., whether or not
+   * this server socket will allow SSL session resumption.
+   *
+   * @return True if sessions will be created.
+   */
+  public abstract boolean getEnableSessionCreation();
+
+  /**
+   * Sets whether or not sessions will be created.
+   *
+   * @param enabled The new enabled value.
+   */
+  public abstract void setEnableSessionCreation(boolean enabled);
+
+  /**
+   * Returns whether or not this server socket will require clients to
+   * authenticate themselves, such as through a certificate.
+   *
+   * @return True if clients must authenticate themselves.
+   */
+  public abstract boolean getNeedClientAuth();
+
+  /**
+   * Enabled or disables the requirement that clients authenticate themselves.
+   * When this is set to <code>true</code>, connections will be rejected if
+   * connecting clients do not provide proper authentication.
+   *
+   * @param needAuth The new need auth value.
+   */
+  public abstract void setNeedClientAuth(boolean needAuth);
+
+  /**
+   * Returns whether or not sockets accepted by this server socket will do
+   * their handshake as the client-side. The default is false.
+   *
+   * @return True if client mode will be used.
+   */
+  public abstract boolean getUseClientMode();
+
+  /**
+   * Sets whether or not sockets accepted by this server socket will be
+   * created in client mode.
+   *
+   * @param clientMode The new client mode value.
+   */
+  public abstract void setUseClientMode(boolean clientMode);
+
+  /**
+   * Returns whether or not this socket will ask for, but not require, that
+   * connecting clients authenticate themselves. Clients that do not
+   * provide authentication they will still be allowed to connect.
+   *
+   * @return True if this server socket wants client authentication.
+   */
+  public abstract boolean getWantClientAuth();
+
+  /**
+   * Sets whether or not this server socket will want client authentication.
+   *
+   * @param wantAuth The new want auth value.
+   */
+  public abstract void setWantClientAuth(boolean wantAuth);
+
+  /**
+   * Returns a list of cipher suites that this server socket supports.
+   *
+   * @return The list of supported suites.
+   */
+  public abstract String[] getSupportedCipherSuites();
+
+  /**
+   * Returns a list of SSL protocols supported by this server socket.
+   *
+   * @return The list of supported protocols.
+   */
+  public abstract String[] getSupportedProtocols();
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java
new file mode 100644
index 0000000..f02619a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLServerSocketFactory.java
@@ -0,0 +1,172 @@
+/* SSLServerSocketFactory.java -- factory for SSL server sockets.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.ServerSocketFactory;
+
+/**
+ * A server socket factory for <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * server sockets.
+ */
+public abstract class SSLServerSocketFactory extends ServerSocketFactory
+{
+  // Field.
+  // -------------------------------------------------------------------------
+
+  private static SSLContext context;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  protected SSLServerSocketFactory()
+  {
+    super();
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns a default implementation of a SSL server socket factory.
+   *
+   * <p>To control the class that gets returned by this method, set the
+   * security property "ssl.ServerSocketFactory.provider" to the class
+   * name of a concrete implementation of this class. If not set, a
+   * system-dependent implementation will be used.</p>
+   *
+   * <p>The implementation returned is created by the first implementation
+   * of the {@link SSLContext} class found, which is initialized with
+   * default parameters. To control the key and trust manager factory
+   * algorithms used as defaults, set the security properties
+   * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+   * to the appropriate names.</p>
+   *
+   * <p>Using this method is not recommended. Instead, use the methods of
+   * {@link SSLContext}, which provide much better control over the
+   * creation of server socket factories.</p>
+   *
+   * @return The default server socket factory.
+   * @throws RuntimeException If no default can be created.
+   */
+  public static synchronized ServerSocketFactory getDefault()
+  {
+    try
+      {
+        String s = Security.getProperty("ssl.ServerSocketFactory.provider");
+        ClassLoader cl = ClassLoader.getSystemClassLoader();
+        if (s != null && cl != null)
+          {
+            return (ServerSocketFactory) cl.loadClass(s).newInstance();
+          }
+      }
+    catch (Exception e)
+      {
+      }
+    if (context == null)
+      {
+        KeyManager[] km = null;
+        TrustManager[] tm = null;
+
+        // 1. Determine which algorithms to use for the key and trust
+        // manager factories.
+        String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+        String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+        // 2. Try to initialize the factories with default parameters.
+        try
+          {
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+            kmf.init(null, null);
+            km = kmf.getKeyManagers();
+          }
+        catch (Exception ex)
+          {
+          }
+        try
+          {
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+            tmf.init((KeyStore) null);
+            tm = tmf.getTrustManagers();
+          }
+        catch (Exception ex)
+          {
+          }
+
+        // 3. Create and initialize a context.
+        try
+          {
+            context = SSLContext.getInstance("SSLv3");
+            context.init(km, tm, null);
+          }
+        catch (Exception ex)
+          {
+            throw new RuntimeException("error instantiating default server socket factory: "
+                                       + ex.toString());
+          }
+      }
+    try
+      {
+        return context.getServerSocketFactory();
+      }
+    catch (Exception e)
+      {
+      }
+    throw new RuntimeException("no SSLSocketFactory implementation available");
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns the list of cipher suites that will be enabled in server sockets
+   * created by this factory.
+   *
+   * @return The default cipher suites.
+   */
+  public abstract String[] getDefaultCipherSuites();
+
+  /**
+   * Returns the list of all cipher suites supported by this factory.
+   *
+   * @return The list of supported cipher suites.
+   */
+  public abstract String[] getSupportedCipherSuites();
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSession.java b/libjava/classpath/javax/net/ssl/SSLSession.java
new file mode 100644
index 0000000..9400a1a
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSession.java
@@ -0,0 +1,168 @@
+/* SSLSession.java -- an SSL session.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.Certificate;
+
+import javax.security.cert.X509Certificate;
+
+/**
+ * An SSL session is a mechanism through which connections can be established
+ * by re-using previously negotiated handshakes.
+ */
+public interface SSLSession
+{
+  /**
+   * Returns this session's cihper suite.
+   *
+   * @return The cipher suite.
+   */
+  String getCipherSuite();
+
+  /**
+   * Returns the time in milliseconds since midnight GMT, 1 January 1970, that
+   * this session was created.
+   *
+   * @return The creation time.
+   */
+  long getCreationTime();
+
+  /**
+   * Returns this session's unique identifier, a arbitrary byte array of up
+   * to 32 bytes.
+   *
+   * @return The session identifier.
+   */
+  byte[] getId();
+
+  /**
+   * Returns the last time this session was accessed.
+   *
+   * @return The lest time this session was accessed.
+   */
+  long getLastAccessedTime();
+
+  /**
+   * Returns the chain of certificates that the local side used in the
+   * handshake, or null if none were used.
+   *
+   * @return The local certificate chain.
+   */
+  Certificate[] getLocalCertificates();
+
+  /**
+   * Returns the chain of certificates that the remote side used in
+   * the handshake, or null if none were used.
+   *
+   * @return The peer's certificate chain.
+   * @throws SSLPeerUnverifiedException If the identity of the peer has
+   *   not been verified.
+   */
+  Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException;
+
+  /**
+   * Returns the chain of certificates that the remote side used in
+   * the handshake, or null if none were used.
+   *
+   * @return The peer's certificate chain.
+   * @throws SSLPeerUnverifiedException If the identity of the peer has
+   *   not been verified.
+   */
+  X509Certificate[] getPeerCertificateChain()
+    throws SSLPeerUnverifiedException;
+
+  /**
+   * Returns the remote host's name.
+   *
+   * @return The name of the remote host.
+   */
+  String getPeerHost();
+
+  /**
+   * Returns the protocol this session uses.
+   *
+   * @return The protocol.
+   */
+  String getProtocol();
+
+  /**
+   * Returns this session's session context object.
+   *
+   * @return The session context.
+   * @throws SecurityException If the caller does not have the
+   *   {@link SSLPermission} "getSessionContext".
+   */
+  SSLSessionContext getSessionContext();
+
+  /**
+   * Returns the names of all values bound to this session.
+   *
+   * @return The list of bound names.
+   */
+  String[] getValueNames();
+
+  /**
+   * Returns the object bound to the given name.
+   *
+   * @param name The name of the value to get.
+   * @return The object bound by that name, or null.
+   */
+  Object getValue(String name);
+
+  /**
+   * Invalidates this session, ensuring that it will not be continued by
+   * another socket.
+   */
+  void invalidate();
+
+  /**
+   * Binds a value to this session, with the given name.
+   *
+   * @param name The name to bind the object with.
+   * @param value The value to bind.
+   */
+  void putValue(String name, Object value);
+
+  /**
+   * Un-binds a value.
+   *
+   * @param name The name of the value to un-bind.
+   */
+  void removeValue(String name);
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java
new file mode 100644
index 0000000..af26efa
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingEvent.java
@@ -0,0 +1,94 @@
+/* SSLSessionBindingEvent.java -- SSL binding event.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventObject;
+
+/**
+ * An event raised by {@link SSLSession} objects when objects are bound to
+ * them.
+ */
+public class SSLSessionBindingEvent extends EventObject
+{
+
+  // Fields.
+  // -------------------------------------------------------------------
+
+  private static final long serialVersionUID = 3989172637106345L;
+
+  private final String name;
+
+  // Constructor.
+  // -------------------------------------------------------------------
+
+  /**
+   * Creates a new binding event.
+   *
+   * @param session The session being bound to.
+   * @param name The name the object was bound under.
+   */
+  public SSLSessionBindingEvent(SSLSession session, String name)
+  {
+    super(session);
+    this.name = name;
+  }
+
+  // Instance methods.
+  // --------------------------------------------------------------------
+
+  /**
+   * Returns the name the object was bound under.
+   *
+   * @return The name.
+   */
+  public String getName()
+  {
+    return name;
+  }
+
+  /**
+   * Returns the session that the object was bound to.
+   *
+   * @return The session.
+   */
+  public SSLSession getSession()
+  {
+    return (SSLSession) getSource();
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java
new file mode 100644
index 0000000..1941ce5
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionBindingListener.java
@@ -0,0 +1,65 @@
+/* SSLSessionBindingListener.java -- listener for SSL bindings.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.EventListener;
+
+/**
+ * An event listener interface that should be notified when it is bound or
+ * unbound to a {@link SSLSession}.
+ */
+public interface SSLSessionBindingListener extends EventListener
+{
+
+  /**
+   * This method is called of all objects when they are bound to an SSL
+   * session.
+   *
+   * @param event The binding event.
+   */
+  void valueBound(SSLSessionBindingEvent event);
+
+  /**
+   * This method is called of all objects when they are unbound to an SSL
+   * session.
+   *
+   * @param event The binding event.
+   */
+  void valueUnbound(SSLSessionBindingEvent event);
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSessionContext.java b/libjava/classpath/javax/net/ssl/SSLSessionContext.java
new file mode 100644
index 0000000..f9127e7
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSessionContext.java
@@ -0,0 +1,103 @@
+/* SSLSessionContext.java -- collection of SSL sessions.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.util.Enumeration;
+
+/**
+ * A collection of saved SSL sessions, with thier corresponding session
+ * IDs.
+ *
+ * @author Casey Marshall (rsdio@metastatic.org)
+ */
+public interface SSLSessionContext
+{
+
+  /**
+   * Returns an enumeration of all saved session IDs. Every element in
+   * the returned enumeration is a byte array.
+   *
+   * @return The session IDs.
+   */
+  Enumeration getIds();
+
+  /**
+   * Gets the session specified by its ID, or <code>null</code> if there
+   * is no session, or if it has expired.
+   *
+   * @param sessionId The ID of the session to get.
+   * @return The session, or <code>null</code>.
+   */
+  SSLSession getSession(byte[] sessionId);
+
+  /**
+   * Returns the maximum number of sessions that may be cached by this
+   * session context.
+   *
+   * @return The maximum number of sessions that may be cached.
+   */
+  int getSessionCacheSize();
+
+  /**
+   * Returns the period of time (in seconds) that a session may be cached
+   * for before becoming invalid.
+   *
+   * @return The time a session may be valid.
+   */
+  int getSessionTimeout();
+
+  /**
+   * Sets the maximum number of sessions that may be cached by this
+   * session context. A cache size of 0 means no limit.
+   *
+   * @param size The new cache size.
+   * @throws IllegalArgumentException If <code>size</code> is negative.
+   */
+  void setSessionCacheSize(int size);
+
+  /**
+   * Sets the period of time (in seconds) that a session may be cached
+   * for before becoming invalid. A timeout of 0 means that sessions
+   * never expire.
+   *
+   * @param seconds The new timeout.
+   * @throws IllegalArgumentException If <code>seconds</code> is negative.
+   */
+  void setSessionTimeout(int seconds);
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSocket.java b/libjava/classpath/javax/net/ssl/SSLSocket.java
new file mode 100644
index 0000000..32a2b5f
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocket.java
@@ -0,0 +1,229 @@
+/* SSLSocket.java -- an SSL client socket.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+/**
+ * A socket that communicates over the secure socket layer protocol.
+ */
+public abstract class SSLSocket extends Socket
+{
+
+  // Constructors.
+  // -------------------------------------------------------------------------
+
+  protected SSLSocket()
+  {
+    super();
+  }
+
+  protected SSLSocket(String host, int port)
+    throws IOException, UnknownHostException
+  {
+    super(host, port);
+  }
+
+  protected SSLSocket(InetAddress address, int port) throws IOException
+  {
+    super(address, port);
+  }
+
+  protected SSLSocket(String host, int port,
+                      InetAddress localAddr, int localPort)
+    throws IOException, UnknownHostException
+  {
+    super(host, port, localAddr, localPort);
+  }
+
+  protected SSLSocket(InetAddress address, int port,
+                      InetAddress localAddr, int localPort)
+    throws IOException
+  {
+    super(address, port, localAddr, localPort);
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Adds a handshake completed listener that wants to be notified when the
+   * SSL handshake completes.
+   *
+   * @param listener The listener to add.
+   */
+  public abstract void
+    addHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+  /**
+   * Removes a handshake listener from this socket.
+   *
+   * @param listener The listener to remove.
+   */
+  public abstract void
+    removeHandshakeCompletedListener(HandshakeCompletedListener listener);
+
+  /**
+   * Returns the list of currently enabled cipher suites.
+   *
+   * @return The list of enabled cipher suites.
+   */
+  public abstract String[] getEnabledCipherSuites();
+
+  /**
+   * Sets the list of enabled cipher suites.
+   *
+   * @param suites The list of suites to enable.
+   */
+  public abstract void setEnabledCipherSuites(String[] suites);
+
+  /**
+   * Returns the list of enabled SSL protocols.
+   *
+   * @return The list of enabled protocols.
+   */
+  public abstract String[] getEnabledProtocols();
+
+  /**
+   * Sets the list of enabled SSL protocols.
+   *
+   * @param protocols The list of protocols to enable.
+   */
+  public abstract void setEnabledProtocols(String[] protocols);
+
+  /**
+   * Returns whether or not sessions will be created by this socket, and thus
+   * allow sessions to be continued later.
+   *
+   * @return Whether or not sessions will be created.
+   */
+  public abstract boolean getEnableSessionCreation();
+
+  /**
+   * Sets whether or not sessions will be created by this socket.
+   *
+   * @param enable The new value.
+   */
+  public abstract void setEnableSessionCreation(boolean enable);
+
+  /**
+   * Returns whether or not this socket will require connecting clients to
+   * authenticate themselves. This value only applies to sockets in server
+   * mode.
+   *
+   * @return Whether or not this socket requires client authentication.
+   */
+  public abstract boolean getNeedClientAuth();
+
+  /**
+   * Sets whether or not this socket will require connecting clients to
+   * authenticate themselves. This value only applies to sockets in server
+   * mode.
+   *
+   * @param needAuth The new need auth value.
+   */
+  public abstract void setNeedClientAuth(boolean needAuth);
+
+  /**
+   * Returns this socket's session object.
+   *
+   * @return The session.
+   */
+  public abstract SSLSession getSession();
+
+  /**
+   * Returns the list of cipher suites supported by this socket.
+   *
+   * @return The list of supported cipher suites.
+   */
+  public abstract String[] getSupportedCipherSuites();
+
+  /**
+   * Returns the list of protocols supported by this socket.
+   *
+   * @return The list of supported protocols.
+   */
+  public abstract String[] getSupportedProtocols();
+
+  /**
+   * Returns whether or not this socket will connect in client mode.
+   *
+   * @return True if this is a client socket.
+   */
+  public abstract boolean getUseClientMode();
+
+  /**
+   * Sets whether or not this socket will connect in client mode.
+   *
+   * @param clientMode The new value.
+   */
+  public abstract void setUseClientMode(boolean clientMode);
+
+  /**
+   * Returns whether or not this socket will request that connecting clients
+   * authenticate themselves. This value only applies to sockets in server
+   * mode.
+   *
+   * @return The want client auth value.
+   */
+  public abstract boolean getWantClientAuth();
+
+  /**
+   * Sets whether or not this socket will request that connecting clients
+   * authenticate themselves. This value only applies to sockets in server
+   * mode.
+   *
+   * @param wantAuth The new want auth value.
+   */
+  public abstract void setWantClientAuth(boolean wantAuth);
+
+  /**
+   * Explicitly begins the handshake, or, if the handshake has already
+   * completed, requests that the handshake be repeated.
+   *
+   * <p>The handshake will begin implicitly when any attempt to read or
+   * write to the socket is made.</p>
+   *
+   * @throws IOException If an I/O or SSL error occurs.
+   */
+  public abstract void startHandshake() throws IOException;
+}
diff --git a/libjava/classpath/javax/net/ssl/SSLSocketFactory.java b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
new file mode 100644
index 0000000..d5d9b6e
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/SSLSocketFactory.java
@@ -0,0 +1,190 @@
+/* SSLSocketFactory.java -- factory for SSL client sockets.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.security.KeyStore;
+import java.security.Security;
+
+import javax.net.SocketFactory;
+
+/**
+ * A socket factory for creating <i>Secure Socket Layer</i> (<b>SSL</b>)
+ * sockets.
+ */
+public abstract class SSLSocketFactory extends SocketFactory
+{
+  // Constants.
+  // -------------------------------------------------------------------------
+
+  private static SSLContext context;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public SSLSocketFactory()
+  {
+    super();
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns a default implementation of a SSL socket factory.
+   *
+   * <p>To control the class that gets returned by this method, set the
+   * security property "ssl.SocketFactory.provider" to the class
+   * name of a concrete implementation of this class. If not set, a
+   * system-dependent implementation will be used.</p>
+   *
+   * <p>The implementation returned is created by the first implementation
+   * of the {@link SSLContext} class found, which is initialized with
+   * default parameters. To control the key and trust manager factory
+   * algorithms used as defaults, set the security properties
+   * "ssl.keyManagerFactory.algorithm" and "ssl.trustManagerFactory.algorithm"
+   * to the appropriate names.</p>
+   *
+   * <p>Using this method is not recommended. Instead, use the methods of
+   * {@link SSLContext}, which provide much better control over the
+   * creation of socket factories.</p>
+   *
+   * @return The default socket factory.
+   * @throws RuntimeException If no default can be created.
+   */
+  public static synchronized SocketFactory getDefault()
+  {
+    try
+      {
+        String s = Security.getProperty("ssl.SocketFactory.provider");
+        ClassLoader cl = ClassLoader.getSystemClassLoader();
+        if (s != null && cl != null)
+          {
+            return (SocketFactory) cl.loadClass(s).newInstance();
+          }
+      }
+    catch (Exception e)
+      {
+      }
+    if (context == null)
+      {
+        KeyManager[] km = null;
+        TrustManager[] tm = null;
+
+        // 1. Determine which algorithms to use for the key and trust
+        // manager factories.
+        String kmAlg = KeyManagerFactory.getDefaultAlgorithm();
+        String tmAlg = TrustManagerFactory.getDefaultAlgorithm();
+
+        // 2. Try to initialize the factories with default parameters.
+        try
+          {
+            KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmAlg);
+            kmf.init(null, null);
+            km = kmf.getKeyManagers();
+          }
+        catch (Exception ex)
+          {
+          }
+        try
+          {
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmAlg);
+            tmf.init((KeyStore) null);
+            tm = tmf.getTrustManagers();
+          }
+        catch (Exception ex)
+          {
+          }
+
+        // 3. Create and initialize a context.
+        try
+          {
+            context = SSLContext.getInstance("SSLv3");
+            context.init(km, tm, null);
+          }
+        catch (Exception ex)
+          {
+            throw new RuntimeException("error instantiating default socket factory: "
+                                       + ex.toString());
+          }
+      }
+    try
+      {
+        return context.getSocketFactory();
+      }
+    catch (Exception e)
+      {
+      }
+    throw new RuntimeException("no SSLSocketFactory implementation available");
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a SSL socket wrapped around an existing socket.
+   *
+   * @param socket The socket to wrap.
+   * @param host The host the socket is connected to.
+   * @param port The port the socket is connected to.
+   * @param autoClose Whether or not the wrapped socket should be closed
+   *   automatically.
+   * @return The new SSL socket.
+   * @throws IOException If the socket could not be created.
+   */
+  public abstract Socket createSocket(Socket socket, String host,
+                                      int port, boolean autoClose)
+    throws IOException;
+
+  /**
+   * Returns the list of cipher suites that will be enabled in sockets
+   * created by this factory.
+   *
+   * @return The default cipher suites.
+   */
+  public abstract String[] getDefaultCipherSuites();
+
+  /**
+   * Returns the list of all cipher suites supported by this factory.
+   *
+   * @return The list of supported cipher suites.
+   */
+  public abstract String[] getSupportedCipherSuites();
+}
diff --git a/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
new file mode 100644
index 0000000..abf1a7f
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrivialHostnameVerifier.java
@@ -0,0 +1,51 @@
+/* TrivialHostnameVerifier.java -- non-verifing verifier.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A hostname verifier that always rejects mismatched hostnames.
+ */
+class TrivialHostnameVerifier implements HostnameVerifier
+{
+
+  public boolean verify(String hostname, SSLSession session)
+  {
+    return false;
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManager.java b/libjava/classpath/javax/net/ssl/TrustManager.java
new file mode 100644
index 0000000..3bded8b
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManager.java
@@ -0,0 +1,47 @@
+/* TrustManager.java -- marker interface for trust managers.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A marker interface for classes that establish the trust of remote
+ * hosts.
+ */
+public interface TrustManager
+{
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactory.java b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
new file mode 100644
index 0000000..62ab1c2
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactory.java
@@ -0,0 +1,278 @@
+/* TrustManagerFactory.java -- factory for trust managers.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.security.Engine;
+
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivilegedAction;
+import java.security.Provider;
+import java.security.Security;
+
+/**
+ * A factory for creating trust manager objects.
+ */
+public class TrustManagerFactory
+{
+
+  // Constants and fields.
+  // -------------------------------------------------------------------------
+
+  /** The service name for trust manager factories. */
+  private static final String TRUST_MANAGER_FACTORY = "TrustManagerFactory";
+
+  /** The system default trust manager algorithm. */
+  private static final String DEFAULT_ALGORITHM = "JessieX509";
+
+  /** The underlying engine class. */
+  private final TrustManagerFactorySpi tmfSpi;
+
+  /** The provider of the engine class. */
+  private final Provider provider;
+
+  /** The name of this trust manager algorithm. */
+  private final String algorithm;
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Creates a new trust manager factory.
+   *
+   * @param tmfSpi The underlying engine class.
+   * @param provider The provider of the engine class.
+   * @param algorithm The trust manager algorithm name.
+   */
+  protected TrustManagerFactory(TrustManagerFactorySpi tmfSpi,
+                                Provider provider, String algorithm)
+  {
+    this.tmfSpi = tmfSpi;
+    this.provider = provider;
+    this.algorithm = algorithm;
+  }
+
+  // Class methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns an instance of a trust manager factory for the given algorithm
+   * from the first provider that implements it.
+   *
+   * @param algorithm The name of the algorithm to get.
+   * @return The instance of the trust manager factory.
+   * @throws NoSuchAlgorithmException If no provider implements the given
+   *   algorithm.
+   */
+  public static final TrustManagerFactory getInstance(String algorithm)
+    throws NoSuchAlgorithmException
+  {
+    Provider[] provs = Security.getProviders();
+    for (int i = 0; i < provs.length; i++)
+      {
+        try
+          {
+            return getInstance(algorithm, provs[i]);
+          }
+        catch (NoSuchAlgorithmException ignore)
+          {
+          }
+      }
+    throw new NoSuchAlgorithmException(algorithm);
+  }
+
+  /**
+   * Returns an instance of a trust manager factory for the given algorithm
+   * from the named provider.
+   *
+   * @param algorithm The name of the algorithm to get.
+   * @param provider The name of the provider to get the instance from.
+   * @return The instance of the trust manager factory.
+   * @throws NoSuchAlgorithmException If the provider does not implement the
+   *   given algorithm.
+   * @throws NoSuchProviderException If there is no such named provider.
+   * @throws IllegalArgumentException If the provider argument is null.
+   */
+  public static final TrustManagerFactory getInstance(String algorithm,
+                                                      String provider)
+    throws NoSuchAlgorithmException, NoSuchProviderException
+  {
+    if (provider == null)
+      {
+        throw new IllegalArgumentException();
+      }
+    Provider p = Security.getProvider(provider);
+    if (p == null)
+      {
+        throw new NoSuchProviderException(provider);
+      }
+    return getInstance(algorithm, p);
+  }
+
+  /**
+   * Returns an instance of a trust manager factory for the given algorithm
+   * from the specified provider.
+   *
+   * @param algorithm The name of the algorithm to get.
+   * @param provider The provider to get the instance from.
+   * @return The instance of the trust manager factory.
+   * @throws NoSuchAlgorithmException If the provider does not implement the
+   *   given algorithm.
+   * @throws IllegalArgumentException If the provider argument is null.
+   */
+  public static final TrustManagerFactory getInstance(String algorithm,
+                                                      Provider provider)
+    throws NoSuchAlgorithmException
+  {
+    if (provider == null)
+      {
+        throw new IllegalArgumentException();
+      }
+    try
+      {
+        return new TrustManagerFactory((TrustManagerFactorySpi)
+          Engine.getInstance(TRUST_MANAGER_FACTORY, algorithm, provider),
+          provider, algorithm);
+      }
+    catch (InvocationTargetException ite)
+      {
+        throw new NoSuchAlgorithmException(algorithm);
+      }
+    catch (ClassCastException cce)
+      {
+        throw new NoSuchAlgorithmException(algorithm);
+      }
+  }
+
+  /**
+   * Returns the default algorithm for trust manager factories. The value
+   * returned is either the value of the security property
+   * "ssl.TrustManagerFactory.algorithm" if it is set, or the value "JessieX509"
+   * if not.
+   *
+   * @return The default algorithm name.
+   * @see Security.getProperty(java.lang.String)
+   */
+  public static final String getDefaultAlgorithm()
+  {
+    String alg = null;
+    try
+      {
+        alg = (String) AccessController.doPrivileged(
+          new PrivilegedAction()
+          {
+            public Object run()
+            {
+              return Security.getProperty("ssl.TrustManagerFactory.algorithm");
+            }
+          }
+        );
+      }
+    catch (SecurityException se)
+      {
+      }
+    if (alg == null)
+      alg = DEFAULT_ALGORITHM;
+    return alg;
+  }
+
+  // Instance methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Returns the name of this trust manager algorithm.
+   *
+   * @return The algorithm name.
+   */
+  public final String getAlgorithm()
+  {
+    return algorithm;
+  }
+
+  /**
+   * Returns the provider of the underlying implementation.
+   *
+   * @return The provider.
+   */
+  public final Provider getProvider()
+  {
+    return provider;
+  }
+
+  /**
+   * Returns the trust managers created by this factory.
+   *
+   * @return The trust managers.
+   */
+  public final TrustManager[] getTrustManagers()
+  {
+    return tmfSpi.engineGetTrustManagers();
+  }
+
+  /**
+   * Initialize this instance with some algorithm-specific parameters.
+   *
+   * @param params The parameters.
+   * @throws InvalidAlgorithmParameterException If the supplied parameters
+   *   are inappropriate for this instance.
+   */
+  public final void init(ManagerFactoryParameters params)
+    throws InvalidAlgorithmParameterException
+  {
+    tmfSpi.engineInit(params);
+  }
+
+  /**
+   * Initialize this instance with a key store. The key store may be null,
+   * in which case a default will be used.
+   *
+   * @param store The key store.
+   * @throws KeyStoreException If there is a problem reading from the
+   *   key store.
+   */
+  public final void init(KeyStore store) throws KeyStoreException
+  {
+    tmfSpi.engineInit(store);
+  }
+}
diff --git a/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
new file mode 100644
index 0000000..3706674
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/TrustManagerFactorySpi.java
@@ -0,0 +1,88 @@
+/* TrustManagerFactorySpi.java -- SPI for trust manager factories.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+
+/**
+ * The <i>service provider interface</i> (<b>SPI</b>) for trust managers.
+ */
+public abstract class TrustManagerFactorySpi
+{
+
+  // Constructor.
+  // -------------------------------------------------------------------------
+
+  public TrustManagerFactorySpi()
+  {
+    super();
+  }
+
+  // Abstract methods.
+  // -------------------------------------------------------------------------
+
+  /**
+   * Engine method that returns the trust managers created by this factory.
+   *
+   * @return The trust managers.
+   */
+  protected abstract TrustManager[] engineGetTrustManagers();
+
+  /**
+   * Engine method that initializes this factory with some algorithm-specific
+   * parameters.
+   *
+   * @param params The parameters.
+   * @throws InvalidAlgorithmParameterException If the given parameters are
+   *   inappropriate.
+   */
+  protected abstract void engineInit(ManagerFactoryParameters params)
+    throws InvalidAlgorithmParameterException;
+
+  /**
+   * Engine method that initializes this factory with a key store. The key
+   * store parameter may be null, in which case some default should be used.
+   *
+   * @param store The key store.
+   * @throws KeyStoreException If a problem occurs reading from the key store.
+   */
+  protected abstract void engineInit(KeyStore store) throws KeyStoreException;
+}
diff --git a/libjava/classpath/javax/net/ssl/X509KeyManager.java b/libjava/classpath/javax/net/ssl/X509KeyManager.java
new file mode 100644
index 0000000..6fb6b40
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509KeyManager.java
@@ -0,0 +1,108 @@
+/* X509KeyManager.java -- X.509 key manager interface.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.net.Socket;
+
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * A key manager for X.509 certificates and their associated private keys.
+ */
+public interface X509KeyManager extends KeyManager
+{
+
+  /**
+   * Choose an alias for client-side authentication.
+   *
+   * @param keyTypes A list of acceptable key types.
+   * @param issuers A list of acceptable certificate issuers.
+   * @param socket The connecting socket.
+   * @return The chosen alias.
+   */
+  String chooseClientAlias(String[] keyTypes, Principal[] issuers,
+                           Socket socket);
+
+  /**
+   * Choose an alias for server-side authentication.
+   *
+   * @param keyType The desired certificate type.
+   * @param issuers A list of acceptable certificate issuers.
+   * @param socket The connecting socket.
+   * @return The chosen alias.
+   */
+  String chooseServerAlias(String keyType, Principal[] issuers,
+                           Socket socket);
+
+  /**
+   * Gets the X.509 certificate chain associated with the given alias.
+   *
+   * @param alias The alias.
+   * @return The certificate chain.
+   */
+  X509Certificate[] getCertificateChain(String alias);
+
+  /**
+   * Returns all client aliases that support the given key type.
+   *
+   * @param keyType The desired key type.
+   * @param issuers A list of acceptable certificate issuers.
+   * @return The (possibly empty) list of aliases.
+   */
+  String[] getClientAliases(String keyType, Principal[] issuers);
+
+  /**
+   * Gets the private key associated with the given alias.
+   *
+   * @param alias The alias.
+   * @return The private key.
+   */
+  PrivateKey getPrivateKey(String alias);
+
+  /**
+   * Returns all server aliases that support the given key type.
+   *
+   * @param keyType The desired key type.
+   * @param issuers A list of acceptable certificate issuers.
+   * @return The (possibly empty) list of aliases.
+   */
+  String[] getServerAliases(String keyType, Principal[] issuers);
+}
diff --git a/libjava/classpath/javax/net/ssl/X509TrustManager.java b/libjava/classpath/javax/net/ssl/X509TrustManager.java
new file mode 100644
index 0000000..97daaf0
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/X509TrustManager.java
@@ -0,0 +1,76 @@
+/* X509TrustManager.java -- X.509 trust manager interface.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * A trust manager for dealing with X.509 certificates.
+ */
+public interface X509TrustManager extends TrustManager
+{
+
+  /**
+   * Checks if a certificate chain sent by the client is trusted.
+   *
+   * @param chain The certificate chain to check.
+   * @param authType The authentication type.
+   * @throws CertificateException If the client's certificates are not trusted.
+   */
+  void checkClientTrusted(X509Certificate[] chain, String authType)
+    throws CertificateException;
+
+  /**
+   * Checks if a certificate chain sent by the server is trusted.
+   *
+   * @param chain The certificate chain to check.
+   * @param authType The authentication type.
+   * @throws CertificateException If the server's certificates are not trusted.
+   */
+  void checkServerTrusted(X509Certificate[] chain, String authType)
+    throws CertificateException;
+
+  /**
+   * Returns the list of trusted issuer certificates currently in use.
+   *
+   * @return The list of trusted issuer certificates.
+   */
+  X509Certificate[] getAcceptedIssuers();
+}
diff --git a/libjava/classpath/javax/net/ssl/package.html b/libjava/classpath/javax/net/ssl/package.html
new file mode 100644
index 0000000..abc6f05
--- /dev/null
+++ b/libjava/classpath/javax/net/ssl/package.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in javax.net.ssl package.
+   Copyright (C) 2004 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head><title>GNU Classpath - javax.net.ssl</title></head>
+
+<body>
+<p></p>
+
+</body>
+</html>
author	Tom Tromey <tromey@gcc.gnu.org>	2005-07-16 00:30:23 +0000
committer	Tom Tromey <tromey@gcc.gnu.org>	2005-07-16 00:30:23 +0000
commit	f911ba985aa7fe0096c386c5be385ac5825ea527 (patch)
tree	a0b991cf5866ae1d616639b906ac001811d74508 /libjava/classpath/javax/net
parent	6f4434b39b261de5317dc81ddfdd94d2e1d62b11 (diff)
download	gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.zip gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.tar.gz gcc-f911ba985aa7fe0096c386c5be385ac5825ea527.tar.bz2