[Jnode-svn-commits] SF.net SVN: jnode: [3025] trunk/core/src/classpath/javax/javax

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 3025
          http://jnode.svn.sourceforge.net/jnode/?rev=3025&view=rev
Author:   lsantha
Date:     2007-01-07 04:57:57 -0800 (Sun, 07 Jan 2007)

Log Message:
-----------
Classpath patches.

Modified Paths:
--------------
    trunk/core/src/classpath/javax/javax/crypto/CipherOutputStream.java
    trunk/core/src/classpath/javax/javax/crypto/Mac.java
    trunk/core/src/classpath/javax/javax/crypto/MacSpi.java
    trunk/core/src/classpath/javax/javax/net/ssl/HandshakeCompletedEvent.java
    trunk/core/src/classpath/javax/javax/net/ssl/HttpsURLConnection.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLContext.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLContextSpi.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLServerSocketFactory.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLSession.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLSocketFactory.java

Added Paths:
-----------
    trunk/core/src/classpath/javax/javax/management/MBeanServerPermission.java
    trunk/core/src/classpath/javax/javax/net/ssl/CertPathTrustManagerParameters.java
    trunk/core/src/classpath/javax/javax/net/ssl/KeyStoreBuilderParameters.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLEngine.java
    trunk/core/src/classpath/javax/javax/net/ssl/SSLEngineResult.java
    trunk/core/src/classpath/javax/javax/net/ssl/X509ExtendedKeyManager.java
    trunk/core/src/classpath/javax/javax/swing/text/html/CSSParser.java

Modified: trunk/core/src/classpath/javax/javax/crypto/CipherOutputStream.java
===================================================================

--- trunk/core/src/classpath/javax/javax/crypto/CipherOutputStream.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/crypto/CipherOutputStream.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -50,33 +50,12 @@
  */
 public class CipherOutputStream extends FilterOutputStream
 {
-
-  // Fields.
-  // ------------------------------------------------------------------------
-
   /** The underlying cipher. */
   private Cipher cipher;
 
-  private byte[][] inBuffer;
-
-  private int inLength;
-
-  private byte[] outBuffer;
-
-  private static final int FIRST_TIME  = 0;
-  private static final int SECOND_TIME = 1;
-  private static final int SEASONED    = 2;
-  private int state;
-
-  /** True if the cipher is a stream cipher (blockSize == 1) */
-  private boolean isStream;
-
-  // Constructors.
-  // ------------------------------------------------------------------------
-
   /**
-   * Create a new cipher output stream. The cipher argument must have
-   * already been initialized.
+   * Create a new cipher output stream. The cipher argument must have already
+   * been initialized.
    *
    * @param out    The sink for transformed data.
    * @param cipher The cipher to transform data with.
@@ -84,20 +63,7 @@
   public CipherOutputStream(OutputStream out, Cipher cipher)
   {
     super(out);
-    if (cipher != null)
-      {
-        this.cipher = cipher;
-        if (!(isStream = cipher.getBlockSize() == 1))
-          {
-            inBuffer = new byte[2][];
-            inBuffer[0] = new byte[cipher.getBlockSize()];
-            inBuffer[1] = new byte[cipher.getBlockSize()];
-            inLength = 0;
-            state = FIRST_TIME;
-          }
-      }
-    else
-      this.cipher = new NullCipher();
+    this.cipher = (cipher != null) ? cipher : new NullCipher();
   }
 
   /**
@@ -110,52 +76,36 @@
     super(out);
   }
 
-  // Instance methods.
-  // ------------------------------------------------------------------------
-
   /**
    * Close this output stream, and the sink output stream.
+   * <p>
+   * This method will first invoke the {@link Cipher#doFinal()} method of the
+   * underlying {@link Cipher}, and writes the output of that method to the
+   * sink output stream.
    *
-   * <p>This method will first invoke the {@link Cipher#doFinal()}
-   * method of the underlying {@link Cipher}, and writes the output of
-   * that method to the sink output stream.
-   *
-   * @throws java.io.IOException If an I/O error occurs, or if an error
-   *         is caused by finalizing the transformation.
+   * @throws IOException If an I/O error occurs, or if an error is caused by
+   *           finalizing the transformation.
    */
   public void close() throws IOException
   {
     try
       {
-        int len;
-        if (state != FIRST_TIME)
-          {
-            len = cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
-            out.write(outBuffer, 0, len);
-          }
-        len = cipher.doFinal(inBuffer[0], 0, inLength, outBuffer);
-        out.write(outBuffer, 0, len);
+        out.write(cipher.doFinal());
+        out.flush();
+        out.close();
       }
-    catch (javax.crypto.IllegalBlockSizeException ibse)
+    catch (Exception cause)
       {
-        throw new IOException(ibse.toString());
+        IOException ioex = new IOException(String.valueOf(cause));
+        ioex.initCause(cause);
+        throw ioex;
       }
-    catch (javax.crypto.BadPaddingException bpe)
-      {
-        throw new IOException(bpe.toString());
-      }
-    catch (ShortBufferException sbe)
-      {
-        throw new IOException(sbe.toString());
-      }
-    out.flush();
-    out.close();
   }
 
   /**
    * Flush any pending output.
    *
-   * @throws java.io.IOException If an I/O error occurs.
+   * @throws IOException If an I/O error occurs.
    */
   public void flush() throws IOException
   {
@@ -166,38 +116,20 @@
    * Write a single byte to the output stream.
    *
    * @param b The next byte.
-   * @throws java.io.IOException If an I/O error occurs, or if the
-   *         underlying cipher is not in the correct state to transform
-   *         data.
+   * @throws IOException If an I/O error occurs, or if the underlying cipher is
+   *           not in the correct state to transform data.
    */
   public void write(int b) throws IOException
   {
-    if (isStream)
-      {
-        byte[] buf = new byte[] { (byte) b };
-        try
-          {
-            cipher.update(buf, 0, 1, buf, 0);
-          }
-        catch (ShortBufferException sbe)
-          {
-            throw new IOException(sbe.toString());
-          }
-        out.write(buf);
-        return;
-      }
-    inBuffer[1][inLength++] = (byte) b;
-    if (inLength == inBuffer[1].length)
-      process();
+    write(new byte[] { (byte) b }, 0, 1);
   }
 
   /**
    * Write a byte array to the output stream.
    *
    * @param buf The next bytes.
-   * @throws java.io.IOException If an I/O error occurs, or if the
-   *         underlying cipher is not in the correct state to transform
-   *         data.
+   * @throws IOException If an I/O error occurs, or if the underlying cipher is
+   *           not in the correct state to transform data.
    */
   public void write(byte[] buf) throws IOException
   {
@@ -210,59 +142,11 @@
    * @param buf The next bytes.
    * @param off The offset in the byte array to start.
    * @param len The number of bytes to write.
-   * @throws java.io.IOException If an I/O error occurs, or if the
-   *         underlying cipher is not in the correct state to transform
-   *         data.
+   * @throws IOException If an I/O error occurs, or if the underlying cipher is
+   *           not in the correct state to transform data.
    */
   public void write(byte[] buf, int off, int len) throws IOException
   {
-    if (isStream)
-      {
         out.write(cipher.update(buf, off, len));
-        return;
-      }
-    int count = 0;
-    while (count < len)
-      {
-        int l = Math.min(inBuffer[1].length - inLength, len - count);
-        System.arraycopy(buf, off+count, inBuffer[1], inLength, l);
-        count += l;
-        inLength += l;
-        if (inLength == inBuffer[1].length)
-          process();
-      }
   }
-
-  // Own method.
-  // -------------------------------------------------------------------------
-
-  private void process() throws IOException
-  {
-    if (state == SECOND_TIME)
-      {
-        state = SEASONED;
-      }
-    else
-      {
-        byte[] temp = inBuffer[0];
-        inBuffer[0] = inBuffer[1];
-        inBuffer[1] = temp;
-      }
-    if (state == FIRST_TIME)
-      {
-        inLength = 0;
-        state = SECOND_TIME;
-        return;
-      }
-    try
-      {
-        cipher.update(inBuffer[0], 0, inBuffer[0].length, outBuffer);
-      }
-    catch (ShortBufferException sbe)
-      {
-        throw new IOException(sbe.toString());
-      }
-    out.write(outBuffer);
-    inLength = 0;
-  }
 }

Modified: trunk/core/src/classpath/javax/javax/crypto/Mac.java
===================================================================
--- trunk/core/src/classpath/javax/javax/crypto/Mac.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/crypto/Mac.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -41,6 +41,7 @@
 import gnu.java.security.Engine;
 
 import java.lang.reflect.InvocationTargetException;
+import java.nio.ByteBuffer;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -406,6 +407,18 @@
   }
 
   /**
+   * Update this MAC with the remaining bytes in the given buffer
+   * @param buffer The input buffer.
+   * @since 1.5
+   */
+  public final void update (final ByteBuffer buffer)
+  {
+    if (virgin)
+      throw new IllegalStateException ("not initialized");
+    macSpi.engineUpdate(buffer);
+  }
+  
+  /**
    * Clone this instance, if the underlying implementation supports it.
    *
    * @return A clone of this instance.

Modified: trunk/core/src/classpath/javax/javax/crypto/MacSpi.java
===================================================================
--- trunk/core/src/classpath/javax/javax/crypto/MacSpi.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/crypto/MacSpi.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -38,6 +38,7 @@
 
 package javax.crypto;
 
+import java.nio.ByteBuffer;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
@@ -142,4 +143,21 @@
    * @param length The number of bytes to update.
    */
   protected abstract void engineUpdate(byte[] input, int offset, int length);
+  
+  /**
+   * Update this MAC with the remaining bytes of a buffer.
+   * 
+   * @param buffer The input buffer.
+   * @since 1.5
+   */
+  protected void engineUpdate (final ByteBuffer buffer)
+  {
+    byte[] buf = new byte[1024];
+    while (buffer.hasRemaining ())
+      {
+        int n = Math.min (buffer.remaining (), buf.length);
+        buffer.get (buf, 0, n);
+        engineUpdate (buf, 0, n);
+      }
+  }
 }

Added: trunk/core/src/classpath/javax/javax/management/MBeanServerPermission.java
===================================================================
--- trunk/core/src/classpath/javax/javax/management/MBeanServerPermission.java	                        (rev 0)
+++ trunk/core/src/classpath/javax/javax/management/MBeanServerPermission.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -0,0 +1,470 @@
+/* MBeanServerPermission.java -- Permissions controlling server creation.
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+package javax.management;
+
+import java.security.BasicPermission;
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+import java.util.Enumeration;
+import java.util.NoSuchElementException;
+
+/**
+ * <p>
+ * Represents the permissions required to perform
+ * operations provided by the {@link MBeanServerFactory}.
+ * As with all {@link java.security.Permission} objects, an
+ * instance of this class either represents a permission
+ * already held or one that is required to access a
+ * particular service.  In the case of {@link MBeanServerPermission}s,
+ * implication checks are made using an instance of this class
+ * when a user requests an operation from the factory, and a
+ * {@link SecurityManager} is in place.
+ * </p>
+ * <p>
+ * The permission is defined by its name, which may be
+ * either a <code>'*'</code> (to allow all) or one or
+ * more of the following, separated by a <code>','</code>:
+ * </p>
+ * <ul>
+ * <li><code>createMBeanServer</code> -- allows a registered
+ * instance of a server to be obtained from the factory.</li>
+ * <li><code>findMBeanServer</code> -- allows all or one
+ * particular server instance to be retrieved from the factory.</li>
+ * <li><code>newMBeanServer</code> -- allows an unregistered
+ * instance of a server to be obtained from the factory.</li>
+ * <li><code>releaseMBeanServer</code> -- allows a reference to
+ * a server instance to be removed from the factory.</li>
+ * </ul>
+ * <p>
+ * The names may be surrounded by arbitrary amounts of whitespace.
+ * <code>createMBeanServer</code> implies <code>newMBeanServer</code>.
+ * </p>
+ *
+ * @author Andrew John Hughes (gnu...@me...)
+ * @since 1.5
+ */
+public class MBeanServerPermission
+  extends BasicPermission
+{
+
+  /**
+   * Compatible with JDK 1.5
+   */
+  private static final long serialVersionUID = -5661980843569388590L;
+
+  /**
+   * <p>
+   * Constructs a new {@link MBeanServerPermission} with
+   * the given name.  The name must not be <code>null</code>
+   * and must be equal to either <code>"*"</code> or a
+   * comma-separated list of valid permissions.  The four
+   * valid constraints are:
+   * </p>
+   * <ol>
+   * <li><code>createMBeanServer</code></li>
+   * <li><code>findMBeanServer</code></li>
+   * <li><code>newMBeanServer</code></li>
+   * <li><code>releaseMBeanServer</code></li>
+   * </ol>
+   * <p>
+   * Calling this constructor is equivalent to calling
+   * <code>MBeanPermission(name, null)</code>.
+   * </p>
+   *
+   * @param name the name of this permission.
+   * @throws NullPointerException if <code>name</code>
+   *                              is <code>null</code>.
+   * @throws IllegalArgumentException if <code>name</code>
+   *                                  is not either equal to
+   *                                  <code>"*"</code> or forms
+   *                                  a comma-separated list of
+   *                                  valid constraints.
+   * @see #MBeanServerPermission(String,String)
+   */
+  public MBeanServerPermission(String name)
+  {
+    this(name, null);
+  }
+
+  /**
+   * <p>
+   * Constructs a new {@link MBeanServerPermission} with
+   * the given name and actions.  The actions are unused,
+   * and must be either <code>null</code> or the empty
+   * string.  The name must not be <code>null</code>
+   * and must be equal to either <code>"*"</code> or a
+   * comma-separated list of valid permissions.  The four
+   * valid constraints are:
+   * </p>
+   * <ol>
+   * <li><code>createMBeanServer</code></li>
+   * <li><code>findMBeanServer</code></li>
+   * <li><code>newMBeanServer</code></li>
+   * <li><code>releaseMBeanServer</code></li>
+   * </ol>
+   * <p>
+   * Calling this constructor is equivalent to calling
+   * <code>MBeanPermission(name, null)</code>.
+   * </p>
+   *
+   * @param name the name of this permission.
+   * @throws NullPointerException if <code>name</code>
+   *                              is <code>null</code>.
+   * @throws IllegalArgumentException if <code>name</code>
+   *                                  is not either equal to
+   *                                  <code>"*"</code> or forms
+   *                                  a comma-separated list of
+   *                                  valid constraints, or if
+   *                                  <code>actions</code> is not
+   *                                  <code>null</code> or the
+   *                                  empty string.
+   * @see #MBeanServerPermission(String,String)
+   */
+  public MBeanServerPermission(String name, String actions)
+  {
+    super(checkName(name), actions);
+    if (actions != null && actions.length() > 0)
+      throw new IllegalArgumentException("The supplied action list " +
+					 "was not equal to null or the " +
+					 "empty string.");
+  }
+  
+  /**
+   * Returns true if the given object is also an {@link MBeanServerPermission}
+   * with the same name.
+   *
+   * @param obj the object to compare with this one.
+   * @return true if the object is an {@link MBeanPermission}
+   *         with the same name.
+   */
+  public boolean equals(Object obj)
+  {
+    if (obj instanceof MBeanServerPermission)
+      {
+	MBeanServerPermission o = (MBeanServerPermission) obj;
+	return o.getName().equals(getName());
+      }
+    return false;
+  }
+
+  /**
+   * Returns a unique hash code for this permission.
+   * This is simply the hashcode of {@link BasicPermission#getName()}.
+   *
+   * @return the hashcode of this permission.
+   */
+  public int hashCode()
+  {
+    return getName().hashCode();
+  }
+
+  /**
+   * Returns true if this {@link MBeanServerPermission} implies
+   * the given permission.  This occurs if the given permission
+   * is also an {@link MBeanServerPermission} and its target names
+   * are a subset of the target names of this permission.  Note that
+   * the name <code>createMBeanServer</code> implies
+   * <code>newMBeanServer</code>.
+   *
+   * @param p the permission to check for implication.
+   * @return true if this permission implies <code>p</code>.
+   */
+  public boolean implies(Permission p)
+  {
+    if (p instanceof MBeanServerPermission)
+      {
+	if (getName().equals("*"))
+	  return true;
+	MBeanServerPermission msp = (MBeanServerPermission) p;
+	String[] thisCaps = getName().split(",");
+	String[] mspCaps = msp.getName().split(",");
+	for (int a = 0; a < mspCaps.length; ++a)
+	  {
+	    boolean found = false;
+	    String mc = mspCaps[a].trim();
+	    for (int b = 0; b < thisCaps.length; ++b)
+	      {
+		String tc = thisCaps[b].trim();
+		if (tc.equals(mc))
+		  found = true;
+		if (tc.equals("createMBeanServer") &&
+		    mc.equals("newMBeanServer"))
+		  found = true;
+	      }
+	    if (!found)
+	      return false;
+	  }
+	return true;
+      }
+    return false;
+  }
+
+  /**
+   * Returns a {@link PermissionCollection} which stores
+   * a series of {@link MBeanServerPermission}s as the union
+   * of their capabilities.
+   *
+   * @return a collection for {@link MBeanServerPermission}s.
+   */
+  public PermissionCollection newPermissionCollection()
+  {
+    return new MBeanServerPermissionCollection();
+  }
+  
+  /**
+   * A collection of {@link MBeanServerPermission}s, stored
+   * as a single permission with the union of the capabilities
+   * as its capabilities.
+   *
+   * @author Andrew John Hughes (gnu...@me...)
+   * @since 1.5
+   */
+  private class MBeanServerPermissionCollection
+    extends PermissionCollection
+  {
+
+    /**
+     * Compatible with JDK 1.5
+     */
+    private static final long serialVersionUID = -5661980843569388590L;
+
+    /**
+     * The collected permission.  This is <code>null</code> or
+     * the union of the permissions held by all the collected
+     * permissions.
+     */
+    private MBeanServerPermission collectionPermission;
+
+    /**
+     * Adds a new permission by unifying it with the existing
+     * collection permission.
+     *
+     * @param p the permission to add.
+     * @throws SecurityException if the collection is read only.
+     * @see #isReadOnly()
+     * @see #setReadOnly(boolean)
+     */
+    public void add(Permission p)
+    {
+      if (isReadOnly())
+	throw new SecurityException("This collection is read only.");
+      if (p instanceof MBeanServerPermission)
+	{
+	  MBeanServerPermission msp = (MBeanServerPermission) p;
+	  if (collectionPermission == null)
+	    collectionPermission = msp;
+	  else
+	    {
+	      String finalString = collectionPermission.getName();
+	      String[] cp = finalString.split(",");
+	      String[] np = msp.getName().split(",");
+	      int createms = finalString.indexOf("createMBeanServer");
+	      int newms = finalString.indexOf("newMBeanServer");
+	      for (int a = 0; a < np.length; ++a)
+		{
+		  boolean found = false;
+		  String nps = np[a].trim();
+		  for (int b = 0; b < cp.length; ++b)
+		    {
+		      String cps = cp[b].trim();
+		      if (cps.equals(nps))
+			found = true;
+		      if (np.equals("newMBeanServer") 
+			  && createms != -1)
+			found = true;
+		      if (np.equals("createMBeanServer")
+			  && newms != -1)
+			finalString.replace("newMBeanServer",
+					    "createMBeanServer");
+		    }
+		  if (!found)
+		    finalString += "," + nps;
+		}
+	      collectionPermission =
+		new MBeanServerPermission(finalString);
+	    }
+	}
+    }
+    
+    /**
+     * Returns an enumeration over the single permission.
+     *
+     * @return an enumeration over the collection permission.
+     */
+    public Enumeration elements()
+    {
+      return new
+	MBeanServerPermissionEnumeration(collectionPermission);
+    }
+
+    /**
+     * Provides an enumeration over a comma-separated list
+     * of capabilities.
+     *
+     * @author Andrew John Hughes (gnu...@me...)
+     * @since 1.5
+     */
+    private class MBeanServerPermissionEnumeration
+      implements Enumeration
+    {
+
+      /**
+       * The collected permission.
+       */
+      private MBeanServerPermission p;
+
+      /**
+       * True if we have returned the permission.
+       */
+      private boolean done;
+
+      /**
+       * Constructs a new {@link MBeanServerPermissionEnumeration}
+       * using the given collected permission.
+       *
+       * @param p the collected permission.
+       */
+      public MBeanServerPermissionEnumeration(MBeanServerPermission p)
+      {
+	this.p = p;
+	done = false;
+      }
+
+      /**
+       * Returns true if there are more capabilities to return.
+       *
+       * @return true if there are more capabilities available.
+       */
+      public boolean hasMoreElements()
+      {
+	return !done;
+      }
+
+      /**
+       * Returns the next capability.
+       *
+       * @return the next capability.
+       */
+      public Object nextElement()
+      {
+	if (hasMoreElements())
+	  {
+	    done = true;
+	    return p;
+	  }
+	else
+	  throw new NoSuchElementException("No more elements are available.");
+      }
+
+    }
+
+    /**
+     * Returns true if the collected {@link MBeanServerPermission}
+     * implies the given permission.  This occurs if the given permission
+     * is also an {@link MBeanServerPermission} and its target names
+     * are a subset of the target names of this permission.  Note that
+     * the name <code>createMBeanServer</code> implies
+     * <code>newMBeanServer</code>.
+     *
+     * @param p the permission to check for implication.
+     * @return true if this permission implies <code>p</code>.
+     */
+    public boolean implies(Permission p)
+    {
+      return collectionPermission.implies(p);
+    }
+  }
+
+  /**
+   * Checks the name is valid, including removing
+   * the <code>newMBeanServer</code> permission when
+   * <code>createMBeanServer</code> is present.
+   *
+   * @param name the name to check.
+   * @throws NullPointerException if <code>name</code>
+   *                              is <code>null</code>.
+   * @throws IllegalArgumentException if <code>name</code>
+   *                                  is not either equal to
+   *                                  <code>"*"</code> or forms
+   *                                  a comma-separated list of
+   *                                  valid constraints.
+   */
+  private static String checkName(String name)
+  {
+    if (!(name.equals("*")))
+      {
+	String[] constraints = name.split(",");
+	name = "";
+	boolean seenCreate = false;
+	boolean seenNew = false;
+	boolean start = true;
+	for (int a = 0; a < constraints.length; ++a)
+	  {
+	    String next = constraints[a].trim();
+	    if (!(next.equals("createMBeanServer") ||
+		  next.equals("findMBeanServer") ||
+		  next.equals("newMBeanServer") ||
+		  next.equals("releaseMBeanServer")))
+	      throw new IllegalArgumentException("An invalid constraint, " +
+						 next + ", was specified.");
+	    if (next.equals("newMBeanServer"))
+	      seenNew = true;
+	    else if (next.equals("createMBeanServer"))
+	      seenCreate = true;
+	    else
+	      {
+		if (!start)
+		  name += ",";
+		name += next;
+		start = false;
+	      }
+	  }
+	if (seenNew && !seenCreate)
+	  name += (start ? "" : ",") + "newMBeanServer";
+	else if (seenCreate)
+	  name += (start ? "" : ",") + "createMBeanServer";
+      }
+    return name;
+  }
+
+}
+
+
+
+

Added: trunk/core/src/classpath/javax/javax/net/ssl/CertPathTrustManagerParameters.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/CertPathTrustManagerParameters.java	                        (rev 0)
+++ trunk/core/src/classpath/javax/javax/net/ssl/CertPathTrustManagerParameters.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -0,0 +1,71 @@
+/* CertPathTrustManagerParameters.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertPathParameters;
+
+/**
+ * Trust manager parameters for certification paths.
+ */
+public class CertPathTrustManagerParameters implements ManagerFactoryParameters
+{
+  private final CertPathParameters params;
+
+  /**
+   * Creates a new trust manager parameter instance. The argument is
+   * cloned to prevent modification of this instance.
+   *
+   * @param params The certificate path parameters.
+   * @throws NullPointerException If params is null.
+   */
+  public CertPathTrustManagerParameters (final CertPathParameters params)
+  {
+    this.params = (CertPathParameters) params.clone ();
+  }
+
+  /**
+   * Returns a copy of the certificate path parameters.
+   *
+   * @return A copy of the certificate path parameters.
+   */
+  public CertPathParameters getParameters ()
+  {
+    return (CertPathParameters) params.clone ();
+  }
+}

Modified: trunk/core/src/classpath/javax/javax/net/ssl/HandshakeCompletedEvent.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/HandshakeCompletedEvent.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/net/ssl/HandshakeCompletedEvent.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -38,6 +38,7 @@
 
 package javax.net.ssl;
 
+import java.security.Principal;
 import java.security.cert.Certificate;
 
 import javax.security.cert.X509Certificate;
@@ -108,6 +109,20 @@
   }
 
   /**
+   * Returns the local identity used in this connection, or
+   * <code>null</code> if there is none.
+   *
+   * @return The local identity.
+   * @since 1.5
+   */
+  public Principal getLocalPrincipal ()
+  {
+    if (session != null)
+      return session.getLocalPrincipal ();
+    return null;
+  }
+
+  /**
    * Returns the peer's certificates being used in this connection.
    *
    * @return The peer's certificates.
@@ -129,6 +144,22 @@
   }
 
   /**
+   * Returns the peer's identity, or <code>null</code> if there is
+   * none.
+   *
+   * @return The peer's identity.
+   * @throws SSLPeerUnverifiedException If the remote peer's identity
+   * could not be verified.
+   * @since 1.5
+   */
+  public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+  {
+    if (session != null)
+      return session.getPeerPrincipal ();
+    return null;
+  }
+
+  /**
    * Returns the SSL session object associated with this connection.
    *
    * @return The session object.

Modified: trunk/core/src/classpath/javax/javax/net/ssl/HttpsURLConnection.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/HttpsURLConnection.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/net/ssl/HttpsURLConnection.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -38,9 +38,12 @@
 
 package javax.net.ssl;
 
+import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.Principal;
 import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 
 /**
  * A URL connection that connects via the <i>Secure Socket Layer</i>
@@ -245,6 +248,48 @@
     this.factory = factory;
   }
 
+  /**
+   * Returns the local principal for this connection.
+   *
+   * <p>The default implementation will return the {@link
+   * javax.security.x500.X500Principal} for the end entity certificate
+   * in the local certificate chain if those certificates are of type
+   * {@link java.security.cert.X509Certificate}. Otherwise, this
+   * method returns <code>null</code>.
+   *
+   * @return The local principal.
+   * @since 1.5
+   */
+  public Principal getLocalPrincipal ()
+  {
+    Certificate[] c = getLocalCertificates ();
+    if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+      return ((X509Certificate) c[0]).getSubjectX500Principal ();
+    return null;
+  }
+
+  /**
+   * Returns the remote peer's principal for this connection.
+   *
+   * <p>The default implementation will return the {@link
+   * javax.security.x500.X500Principal} for the end entity certificate
+   * in the remote peer's certificate chain if those certificates are
+   * of type {@link java.security.cert.X509Certificate}. Otherwise,
+   * this method returns <code>null</code>.
+   *
+   * @return The remote principal.
+   * @throws SSLPeerUnverifiedException If the remote peer has not
+   * been verified.
+   * @since 1.5
+   */
+  public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+  {
+    Certificate[] c = getServerCertificates ();
+    if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+      return ((X509Certificate) c[0]).getSubjectX500Principal ();
+    return null;
+  }
+
   // Abstract methods.
   // -------------------------------------------------------------------
 

Added: trunk/core/src/classpath/javax/javax/net/ssl/KeyStoreBuilderParameters.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/KeyStoreBuilderParameters.java	                        (rev 0)
+++ trunk/core/src/classpath/javax/javax/net/ssl/KeyStoreBuilderParameters.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -0,0 +1,48 @@
+/* KeyStoreBuilderParameters.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+/**
+ * <p style="color: red;"><b>FIXME</b> this class is currently a stub;
+ * it depends on an implementation of {@link
+ * java.security.KeyStore.Builder}</p>.
+ */
+public class KeyStoreBuilderParameters implements ManagerFactoryParameters
+{
+}

Modified: trunk/core/src/classpath/javax/javax/net/ssl/SSLContext.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/SSLContext.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/net/ssl/SSLContext.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -189,6 +189,31 @@
   }
 
   /**
+   * Creates a new {@link SSLEngine} for this context.
+   *
+   * @return The new SSLEngine.
+   * @since 1.5
+   */
+  public final SSLEngine createSSLEngine ()
+  {
+    return ctxSpi.engineCreateSSLEngine ();
+  }
+
+  /**
+   * Creates a new {@link SSLEngine} for this context, with a given
+   * host name and port number.
+   *
+   * @param host The local host name.
+   * @param port The local port number.
+   * @return The new SSLEngine.
+   * @since 1.5
+   */
+  public final SSLEngine createSSLEngine (final String host, final int port)
+  {
+    return ctxSpi.engineCreateSSLEngine (host, port);
+  }
+
+  /**
    * Returns the set of SSL contexts available for client connections.
    *
    * @return The set of SSL contexts available for client connections.

Modified: trunk/core/src/classpath/javax/javax/net/ssl/SSLContextSpi.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/SSLContextSpi.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/net/ssl/SSLContextSpi.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -64,7 +64,29 @@
   // Abstract methods.
   // -------------------------------------------------------------------
 
+  // Sun, you've broken existing applications by introducing new
+  // abstract methods! Goodjob!!!
+
   /**
+   * Returns a new {@link SSLEngine} for this context.
+   *
+   * @return A new SSLEngine.
+   * @since 1.5
+   */
+  protected abstract SSLEngine engineCreateSSLEngine ();
+
+  /**
+   * Returns a new {@link SSLEngine} for this context, for the given
+   * host name and port number.
+   *
+   * @param host The local host name.
+   * @param port The local port number.
+   * @return A new SSLEngine.
+   * @since 1.5
+   */
+  protected abstract SSLEngine engineCreateSSLEngine (String host, int port);
+
+  /**
    * Returns the set of SSL sessions available for client connections.
    *
    * @return The set of SSL sessions available for client connections.

Added: trunk/core/src/classpath/javax/javax/net/ssl/SSLEngine.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/SSLEngine.java	                        (rev 0)
+++ trunk/core/src/classpath/javax/javax/net/ssl/SSLEngine.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -0,0 +1,442 @@
+/* SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+import java.nio.ByteBuffer;
+
+/**
+ * A class for low-level message wrapping and unwrapping of SSL
+ * messages.
+ *
+ * @author Casey Marshall (cs...@gn...)
+ * @since 1.5
+ */
+public abstract class SSLEngine
+{
+  private final String peerHost;
+  private final int peerPort;
+
+  /**
+   * Creates a new SSLEngine with no peer host name or port number.
+   */
+  protected SSLEngine ()
+  {
+    this (null, -1);
+  }
+
+  /**
+   * Creates a new SSLEngine with the specified peer host name and
+   * port number.
+   *
+   * @param peerHost The peer's host name.
+   * @param peerPort The peer's port number.
+   */
+  protected SSLEngine (String peerHost, int peerPort)
+  {
+    this.peerHost = peerHost;
+    this.peerPort = peerPort;
+  }
+
+
+
+  /**
+   * Begin, or restart, the SSL handshake.
+   *
+   * @throws SSLException
+   */
+  public abstract void beginHandshake () throws SSLException;
+
+  /**
+   * Close the inbound state.
+   *
+   * @throws SSLException
+   */
+  public abstract void closeInbound () throws SSLException;
+
+  /**
+   * Close the outbound state.
+   */
+  public abstract void closeOutbound ();
+
+  /**
+   *
+   */
+  public abstract Runnable getDelegatedTask ();
+
+  /**
+   * Returns the peer host name this SSL session is connected to, or
+   * <code>null</code> if this value was not set.
+   *
+   * @return The peer host's name.
+   */
+  public String getPeerHost ()
+  {
+    return peerHost;
+  }
+
+  /**
+   * Returns the peer IP port number this SSL session in communicating
+   * on, or -1 if this value was not set.
+   *
+   * @return The peer's port number.
+   */
+  public int getPeerPort ()
+  {
+    return peerPort;
+  }
+
+  /**
+   * Returns a list of SSL cipher suite names this SSLEngine is
+   * configured to use.
+   *
+   * @return The list of enabled cipher suite names.
+   */
+  public abstract String[] getEnabledCipherSuites();
+
+  /**
+   * Returns a list of SSL protocol version names this SSLEngine is
+   * configured to use.
+   *
+   * @return The list of enabled protocol names.
+   */
+  public abstract String[] getEnabledProtocols ();
+
+  /**
+   * Tells if sessions will be created by this engine, and therefore
+   * may be resumed at a later time.
+   *
+   * @return True if sessions will be created.
+   */
+  public abstract boolean getEnableSessionCreation();
+
+  /**
+   * Return the current handshake status.
+   *
+   * @return The current handshake status.
+   */
+  public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus ();
+
+  /**
+   * Tells if this SSLEngine is configured to require client
+   * authentication when in server mode.
+   *
+   * @return True iff client authentication is required.
+   */
+  public abstract boolean getNeedClientAuth ();
+
+  /**
+   * Return the {@link SSLSession} object this connection represents.
+   *
+   * @return The SSL session.
+   */
+  public abstract SSLSession getSession ();
+
+  /**
+   * Returns a list of SSL cipher suite names this SSLEngine
+   * implementation supports.
+   *
+   * @return The list of cipher suite names supported by this
+   * implementation.
+   */
+  public abstract String[] getSupportedCipherSuites ();
+
+  /**
+   * Returns a list of SSL protocol version names this SSLEngine
+   * implementation supports. SSL protocol names include things like
+   * "SSLv3" or "TLSv1".
+   *
+   * @return The list of SSL protocol names
+   */
+  public abstract String[] getSupportedProtocols ();
+
+  /**
+   * Tells if this SSLEngine is a "client" session.
+   *
+   * @return True iff this session is configured for client mode.
+   */
+  public abstract boolean getUseClientMode ();
+
+  /**
+   * Tells if client authentication is requested, but not required,
+   * for sessions in server mode. If true, a server session will
+   * request an authentication message from connecting clients, but
+   * will still allow clients to connect if they cannot be
+   * authenticated.
+   *
+   * @return True iff client authentication is requested.
+   */
+  public abstract boolean getWantClientAuth ();
+
+  /**
+   * Tells if the incoming data stream is finished, and thus if no
+   * more data will be available to be unwrapped.
+   *
+   * @return True if no more data is to be unwrapped.
+   */
+  public abstract boolean isInboundDone ();
+
+  /**
+   * Tells if the outgoing data stream is finished, and thus if no
+   * more data may be wrapped.
+   *
+   * @return True if no more data may be wrapped.
+   */
+  public abstract boolean isOutboundDone ();
+
+  /**
+   * Sets the list of enabled cipher suites. The argument is an array
+   * of strings of the canonical suite names.
+   *
+   * @param suites The cipher suites to enable.
+   * @throws IllegalArgumentException If any of the specified suite
+   * strings is not supported by this implementation, or if the
+   * argument is null.
+   */
+  public abstract void setEnabledCipherSuites (String[] suites);
+
+  /**
+   * Sets the list of enabled protocol versions. The argument is an
+   * array of strings of the canonical protocol version names, such as
+   * "TLSv1".
+   *
+   * @param protocols The protocol versions to enable.
+   * @throws IllegalArgumentException If any of the specified
+   * protocols are not supported, or if the argument is null.
+   */
+  public abstract void setEnabledProtocols (String[] protocols);
+
+  /**
+   * Enables or disables session creation. If enabled, each connection
+   * will create session that may be resumed by another connection.
+   *
+   * @param create Whether or not to enable session creation.
+   */
+  public abstract void setEnableSessionCreation (boolean create);
+
+  /**
+   * Enables client or server mode. If the argument is true, this
+   * engine will run in client mode; if false, server mode.
+   *
+   * @param clientMode Whether or not to use client mode.
+   */
+  public abstract void setUseClientMode (boolean clientMode);
+
+  /**
+   * Enables or disables required client authentication. If enabled,
+   * clients may only connect if they provide proper identification.
+   *
+   * <p>This parameter is only used in server mode.
+   *
+   * @param needAuth Whether or not client authentication is required.
+   */
+  public abstract void setNeedClientAuth (boolean needAuth);
+
+  /**
+   * Enables or disables requested client authentication. If enabled,
+   * clients will be asked to provide proper identification, but will
+   * still be allowed to connect if they do not provide it.
+   *
+   * <p>This parameter is only used in server mode.
+   *
+   * @param wantAuth Whether or not client authentication will be
+   * requested, but not required.
+   */
+  public abstract void setWantClientAuth (boolean wantAuth);
+
+  /**
+   * Unwraps a byte buffer recieved from the network, storing the
+   * decrypted, unwrapped bytes into the given buffer.
+   *
+   * <p>This call is exactly equivalent to <code>unwrap (source, new
+   * ByteBuffer[] { sink }, 0, 1)</code>.
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sink The buffer to hold the unwrapped message.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is not
+   * writable.
+   * @throws IllegalArgumentException If either 'source' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer sink)
+    throws SSLException
+  {
+    return unwrap (source, new ByteBuffer[] { sink }, 0, 1);
+  }
+
+  /**
+   * Unwraps a byte buffer recieved from the network, storing the
+   * decrypted, unwrapped bytes into the given buffers.
+   *
+   * <p>This call is exactly equivalent to <code>unwrap (source,
+   * sinks, 0, sinks.length)</code>.
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sinks The buffers to hold the unwrapped message.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+   * is not writable.
+   * @throws IllegalArgumentException If either 'source' or 'sinks' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer[] sinks)
+    throws SSLException
+  {
+    return unwrap (source, sinks, 0, sinks.length);
+  }
+
+  /**
+   * Unwraps a byte buffer received from the network, storing the
+   * decrypted, unwrapped bytes into the given buffers. After
+   * unwrapping, the bytes placed into the sink buffers are ready for
+   * consumption by the application.
+   *
+   * <p>This method may place no bytes in the destination buffer; for
+   * example, if this engine is still performing the SSL handshake,
+   * only handshake data will be consumed, and no application data.
+   *
+   * <p>It is stated that this method may modify the source buffer,
+   * and that it must not be passed to another SSLEngine (SSL
+   * connections are independent, so another SSLEngine will not have
+   * the parameters or state to handle messages meant for this
+   * engine).
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sinks The buffers to hold the unwrapped message.
+   * @param offset The index of the first buffer in 'sinks' to use.
+   * @param length The number of buffers in 'sinks' to use.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+   * is not writable.
+   * @throws IllegalArgumentException If either 'source' or 'sinks' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+   * negative, or if 'length+offset' is greater than 'sinks.length'.
+   */
+  public abstract SSLEngineResult unwrap (ByteBuffer source,
+					  ByteBuffer[] sinks, int offset,
+					  int length)
+    throws javax.net.ssl.SSLException;
+
+  /**
+   * Wraps a byte buffer into an SSL message, for preparation to send
+   * it over the network.
+   *
+   * <p>This method is exactly equivalent to <code>wrap (new
+   * ByteBuffer[] { source }, 0, 1, sink)</code>.
+   *
+   * @param source The source buffer with application data.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'source' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult wrap (ByteBuffer source, ByteBuffer sink)
+    throws SSLException
+  {
+    return wrap (new ByteBuffer[] { source }, 0, 1, sink);
+  }
+
+  /**
+   * Wraps byte buffers into an SSL message, for preparation to send
+   * them over the network.
+   *
+   * <p>This method is exactly equivalent to <code>wrap (sources, 0,
+   * 1, sink)</code>.
+   *
+   * @param sources The source buffers with application data.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'sources' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult wrap (ByteBuffer[] sources, ByteBuffer sink)
+    throws SSLException
+  {
+    return wrap (sources, 0, sources.length, sink);
+  }
+
+  /**
+   * Wraps byte buffers into an SSL message, for preparation to send
+   * them over the network. After wrapping, the data in the sink
+   * buffer is ready to be sent over the transport layer.
+   *
+   * <p>This method may consume no data from the source buffers, and
+   * yet still produce output that should be sent accross the wire;
+   * for example if this engine has not yet completed the SSL
+   * handshake, the sink buffer will be filled with handshake
+   * messages.
+   *
+   * @param sources The source buffers with application data.
+   * @param offset The offset into the source buffers to start reading
+   * application data.
+   * @param length The number of buffers to read from 'sources'.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'sources' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+   * negative, or if 'length+offset' is greater than 'sources.length'.
+   */
+  public abstract SSLEngineResult wrap (ByteBuffer[] sources, int offset,
+					int length, ByteBuffer sink)
+    throws SSLException;
+
+}

Added: trunk/core/src/classpath/javax/javax/net/ssl/SSLEngineResult.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/SSLEngineResult.java	                        (rev 0)
+++ trunk/core/src/classpath/javax/javax/net/ssl/SSLEngineResult.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -0,0 +1,194 @@
+/* SSLEngineResult.java -- 
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+/**
+ * A result from an {@link SSLEngine} <code>wrap</code> or
+ * <code>unwrap</code> operation. This class conveys a possibly
+ * intermediate result, and may ask for more input data or request
+ * that output data be sent over a connection.
+ */
+public class SSLEngineResult
+{
+  private final HandshakeStatus handshakeStatus;
+  private final Status status;
+  private final int bytesConsumed;
+  private final int bytesProduced;
+
+  /**
+   * Creates a new SSL engine result.
+   *
+   * @param status The status of the SSL connection.
+   * @param handshakeStatus The status of the SSL handshake.
+   * @param bytesConsumed The number of bytes consumed by the previous
+   * operation.
+   * @param bytesProduced The number of bytes produced by the previous
+   * operation.
+   * @throws IllegalArgumentException If either enum value is
+   * <code>null</code>, or if either integer is negative.
+   */
+  public SSLEngineResult (Status status, HandshakeStatus handshakeStatus,
+			  int bytesConsumed, int bytesProduced)
+  {
+    if (status == null)
+      throw new IllegalArgumentException ("'status' may not be null");
+    if (handshakeStatus == null)
+      throw new IllegalArgumentException ("'handshakeStatus' may not be null");
+    if (bytesConsumed < 0)
+      throw new IllegalArgumentException ("'bytesConumed' must be nonnegative");
+    if (bytesProduced < 0)
+      throw new IllegalArgumentException ("'bytesProduced' must be nonnegative");
+    this.status = status;
+    this.handshakeStatus = handshakeStatus;
+    this.bytesConsumed = bytesConsumed;
+    this.bytesProduced = bytesProduced;
+  }
+
+
+
+  /**
+   * An enumeration of possible general states.
+   */
+  public static enum Status
+  {
+
+    /**
+     * There were not enough input bytes available to complete the
+     * operation.
+     */
+    BUFFER_UNDERFLOW,
+
+    /**
+     * There was not enough space for the output message.
+     */
+    BUFFER_OVERFLOW,
+
+    /**
+     * Okay. No error.
+     */
+    OK,
+
+    /**
+     * The connection is closed.
+     */
+    CLOSED
+  }
+
+  /**
+   * An enumeration of possible handshake status states.
+   */
+  public static enum HandshakeStatus
+  {
+
+    /**
+     * Not currently handshaking.
+     */
+    NOT_HANDSHAKING,
+
+    /**
+     * The handshake is finished.
+     */
+    FINISHED,
+
+    /**
+     * Needs the status of one or more delegated tasks.
+     */
+    NEED_TASK,
+
+    /**
+     * Has data prepared for output, and needs a new call to
+     * <code>wrap</code>.
+     */
+    NEED_WRAP,
+
+    /**
+     * Is waiting for more input.
+     */
+    NEED_UNWRAP
+  }
+
+
+
+  /**
+   * Returns the number of bytes consumed by the previous operation.
+   *
+   * @return The number of bytes consumed.
+   */
+  public int bytesConsumed ()
+  {
+    return bytesConsumed;
+  }
+
+  /**
+   * Returns the number of bytes produced by the previous operation.
+   *
+   * @return The number of bytes produced.
+   */
+  public int bytesProduced ()
+  {
+    return bytesProduced;
+  }
+
+  /**
+   * Returns the handshake status.
+   *
+   * @return The handshake status.
+   */
+  public HandshakeStatus getHandshakeStatus ()
+  {
+    return handshakeStatus;
+  }
+
+  /**
+   * Returns the connection status.
+   *
+   * @return The connection status.
+   */
+  public Status getStatus ()
+  {
+    return status;
+  }
+
+  public String toString ()
+  {
+    return (super.toString () + " [ status: " + status + "; handshakeStatus: "
+	    + handshakeStatus + "; bytesConsumed: " + bytesConsumed
+	    + "; bytesProduced: " + bytesProduced + " ]");
+  }
+}

Modified: trunk/core/src/classpath/javax/javax/net/ssl/SSLServerSocketFactory.java
===================================================================
--- trunk/core/src/classpath/javax/javax/net/ssl/SSLServerSocketFactory.java	2007-01-07 12:55:51 UTC (rev 3024)
+++ trunk/core/src/classpath/javax/javax/net/ssl/SSLServerSocketFactory.java	2007-01-07 12:57:57 UTC (rev 3025)
@@ -38,6 +38,9 @@
 
 package javax.net.ssl;
 
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.ServerSocket;
 import java.security.KeyStore;
 import java.security.Security;
 
@@ -138,8 +141,9 @@
           }
         catch (Exception ex)
           {
-            throw new RuntimeException("error instantiating default server socket factory: "
-                                       + ex.toString());
+            return ne...
 
[truncated message content]