2006-03-10 Casey Marshall <csm@gnu.org>

	* gnu/java/lang/PseudoEnum.java: new file.
	* javax/net/ssl/CertPathTrustManagerParameters.java: new file.
	* javax/net/ssl/HandshakeCompletedEvent.java (getLocalPrincipal,
	getPeerPrincipal): new method.
	* javax/net/ssl/HttpsURLConnection.java (<init>): don't declare to
	throw IOException.
	(getLocalPrincipal, getPeerPrincipal): new methods.
	* javax/net/ssl/KeyStoreBuilderParameters.java: new file.
	* javax/net/ssl/SSLContext.java (createSSLEngine,
	createSSLEngine): new methods.
	* javax/net/ssl/SSLContextSpi.java (engineCreateSSLEngine,
	engineCreateSSLEngine): new methods.
	* javax/net/ssl/SSLEngine.java: new file.
	* javax/net/ssl/SSLEngineResult.java: new file.
	* javax/net/ssl/SSLSession.java (getApplicationBufferSize,
	getLocalPrincipal, getPacketBufferSize, getPeerPort,
	getPeerPrincipal, isValid): new methods.
	* javax/net/ssl/X509ExtendedKeyManager.java: new file.

12 files changed, 1209 insertions, 1 deletions

diff --git a/ChangeLog-jessie-nio b/ChangeLog-jessie-nio
index 97552aefc..72707c6a5 100644
--- a/ChangeLog-jessie-nio
+++ b/ChangeLog-jessie-nio
@@ -1,5 +1,26 @@
 2006-03-10  Casey Marshall  <csm@gnu.org>
 
+	* gnu/java/lang/PseudoEnum.java: new file.
+	* javax/net/ssl/CertPathTrustManagerParameters.java: new file.	
+	* javax/net/ssl/HandshakeCompletedEvent.java (getLocalPrincipal,
+	getPeerPrincipal): new method.
+	* javax/net/ssl/HttpsURLConnection.java (<init>): don't declare to
+	throw IOException.
+	(getLocalPrincipal, getPeerPrincipal): new methods.
+	* javax/net/ssl/KeyStoreBuilderParameters.java: new file.
+	* javax/net/ssl/SSLContext.java (createSSLEngine,
+	createSSLEngine): new methods.
+	* javax/net/ssl/SSLContextSpi.java (engineCreateSSLEngine,
+	engineCreateSSLEngine): new methods.
+	* javax/net/ssl/SSLEngine.java: new file.
+	* javax/net/ssl/SSLEngineResult.java: new file.
+	* javax/net/ssl/SSLSession.java (getApplicationBufferSize,
+	getLocalPrincipal, getPacketBufferSize, getPeerPort,
+	getPeerPrincipal, isValid): new methods.
+	* javax/net/ssl/X509ExtendedKeyManager.java: new file.
+
+2006-03-10  Casey Marshall  <csm@gnu.org>
+
 	Fixes PR 23768.
 	* javax/crypto/Cipher.java (doFinal, doFinal, doFinal): don't
 	reset `state.'
diff --git a/gnu/java/lang/PseudoEnum.java b/gnu/java/lang/PseudoEnum.java
new file mode 100644
index 000000000..c5ee3a76c
--- /dev/null
+++ b/gnu/java/lang/PseudoEnum.java
@@ -0,0 +1,96 @@
+/* PseudoEnum.java -- emulate an Enum in pre-Java 1.5 code.
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.java.lang;
+
+import java.io.Serializable;
+
+public abstract class PseudoEnum implements Comparable, Serializable
+{
+  private final int ordinal;
+  private final String name;
+  private final Class declaringClass;
+
+  protected PseudoEnum (final int ordinal, final String name,
+                        final Class declaringClass)
+  {
+    this.ordinal = ordinal;
+    this.name = name;
+    this.declaringClass = declaringClass;
+  }
+
+  public final int compareTo (Object o)
+  {
+    PseudoEnum that = (PseudoEnum) o;
+    if (ordinal < that.ordinal)
+      return -1;
+    if (ordinal > that.ordinal)
+      return 1;
+    return 0;
+  }
+
+  public final boolean equals (Object o)
+  {
+    return (this == o);
+  }
+
+  public final Class getDeclaringClass ()
+  {
+    return declaringClass;
+  }
+
+  public final int hashCode ()
+  {
+    return ordinal;
+  }
+
+  public final String name ()
+  {
+    return name;
+  }
+
+  public final int ordinal ()
+  {
+    return ordinal;
+  }
+
+  public String toString ()
+  {
+    return name;
+  }
+}
diff --git a/javax/net/ssl/CertPathTrustManagerParameters.java b/javax/net/ssl/CertPathTrustManagerParameters.java
new file mode 100644
index 000000000..b6dc135e1
--- /dev/null
+++ b/javax/net/ssl/CertPathTrustManagerParameters.java
@@ -0,0 +1,71 @@
+/* CertPathTrustManagerParameters.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+import java.security.cert.CertPathParameters;
+
+/**
+ * Trust manager parameters for certification paths.
+ */
+public class CertPathTrustManagerParameters implements ManagerFactoryParameters
+{
+  private final CertPathParameters params;
+
+  /**
+   * Creates a new trust manager parameter instance. The argument is
+   * cloned to prevent modification of this instance.
+   *
+   * @param params The certificate path parameters.
+   * @throws NullPointerException If params is null.
+   */
+  public CertPathTrustManagerParameters (final CertPathParameters params)
+  {
+    this.params = (CertPathParameters) params.clone ();
+  }
+
+  /**
+   * Returns a copy of the certificate path parameters.
+   *
+   * @return A copy of the certificate path parameters.
+   */
+  public CertPathParameters getParameters ()
+  {
+    return (CertPathParameters) params.clone ();
+  }
+}
diff --git a/javax/net/ssl/HandshakeCompletedEvent.java b/javax/net/ssl/HandshakeCompletedEvent.java
index 743f13726..b65dff06c 100644
--- a/javax/net/ssl/HandshakeCompletedEvent.java
+++ b/javax/net/ssl/HandshakeCompletedEvent.java
@@ -38,6 +38,7 @@ exception statement from your version. */
 
 package javax.net.ssl;
 
+import java.security.Principal;
 import java.security.cert.Certificate;
 
 import javax.security.cert.X509Certificate;
@@ -108,6 +109,20 @@ public class HandshakeCompletedEvent extends java.util.EventObject
   }
 
   /**
+   * Returns the local identity used in this connection, or
+   * <code>null</code> if there is none.
+   *
+   * @return The local identity.
+   * @since 1.5
+   */
+  public Principal getLocalPrincipal ()
+  {
+    if (session != null)
+      return session.getLocalPrincipal ();
+    return null;
+  }
+
+  /**
    * Returns the peer's certificates being used in this connection.
    *
    * @return The peer's certificates.
@@ -129,6 +144,22 @@ public class HandshakeCompletedEvent extends java.util.EventObject
   }
 
   /**
+   * Returns the peer's identity, or <code>null</code> if there is
+   * none.
+   *
+   * @return The peer's identity.
+   * @throws SSLPeerUnverifiedException If the remote peer's identity
+   * could not be verified.
+   * @since 1.5
+   */
+  public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+  {
+    if (session != null)
+      return session.getPeerPrincipal ();
+    return null;
+  }
+
+  /**
    * Returns the SSL session object associated with this connection.
    *
    * @return The session object.
diff --git a/javax/net/ssl/HttpsURLConnection.java b/javax/net/ssl/HttpsURLConnection.java
index 4c73edbcd..7b7c83d76 100644
--- a/javax/net/ssl/HttpsURLConnection.java
+++ b/javax/net/ssl/HttpsURLConnection.java
@@ -41,7 +41,9 @@ package javax.net.ssl;
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.Principal;
 import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
 
 /**
  * A URL connection that connects via the <i>Secure Socket Layer</i>
@@ -92,7 +94,7 @@ public abstract class HttpsURLConnection extends HttpURLConnection
    * @param url The URL of the connection being established.
    * @throws IOException If the connection cannot be established.
    */
-  protected HttpsURLConnection(URL url) throws IOException
+  protected HttpsURLConnection(URL url)
   {
     super(url);
   }
@@ -245,6 +247,48 @@ public abstract class HttpsURLConnection extends HttpURLConnection
     this.factory = factory;
   }
 
+  /**
+   * Returns the local principal for this connection.
+   *
+   * <p>The default implementation will return the {@link
+   * javax.security.x500.X500Principal} for the end entity certificate
+   * in the local certificate chain if those certificates are of type
+   * {@link java.security.cert.X509Certificate}. Otherwise, this
+   * method returns <code>null</code>.
+   *
+   * @return The local principal.
+   * @since 1.5
+   */
+  public Principal getLocalPrincipal ()
+  {
+    Certificate[] c = getLocalCertificates ();
+    if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+      return ((X509Certificate) c[0]).getSubjectX500Principal ();
+    return null;
+  }
+
+  /**
+   * Returns the remote peer's principal for this connection.
+   *
+   * <p>The default implementation will return the {@link
+   * javax.security.x500.X500Principal} for the end entity certificate
+   * in the remote peer's certificate chain if those certificates are
+   * of type {@link java.security.cert.X509Certificate}. Otherwise,
+   * this method returns <code>null</code>.
+   *
+   * @return The remote principal.
+   * @throws SSLPeerUnverifiedException If the remote peer has not
+   * been verified.
+   * @since 1.5
+   */
+  public Principal getPeerPrincipal () throws SSLPeerUnverifiedException
+  {
+    Certificate[] c = getServerCertificates ();
+    if (c != null && c.length > 0 && (c[0] instanceof X509Certificate))
+      return ((X509Certificate) c[0]).getSubjectX500Principal ();
+    return null;
+  }
+
   // Abstract methods.
   // -------------------------------------------------------------------
 
diff --git a/javax/net/ssl/KeyStoreBuilderParameters.java b/javax/net/ssl/KeyStoreBuilderParameters.java
new file mode 100644
index 000000000..2aa665ed5
--- /dev/null
+++ b/javax/net/ssl/KeyStoreBuilderParameters.java
@@ -0,0 +1,48 @@
+/* KeyStoreBuilderParameters.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+/**
+ * <p style="color: red;"><b>FIXME</b> this class is currently a stub;
+ * it depends on an implementation of {@link
+ * java.security.KeyStore.Builder}</p>.
+ */
+public class KeyStoreBuilderParameters implements ManagerFactoryParameters
+{
+}
diff --git a/javax/net/ssl/SSLContext.java b/javax/net/ssl/SSLContext.java
index eaf3e3638..3f284ab1a 100644
--- a/javax/net/ssl/SSLContext.java
+++ b/javax/net/ssl/SSLContext.java
@@ -188,6 +188,31 @@ public class SSLContext
   // -----------------------------------------------------------------
 
   /**
+   * Creates a new {@link SSLEngine} for this context.
+   *
+   * @return The new SSLEngine.
+   * @since 1.5
+   */
+  public final SSLEngine createSSLEngine ()
+  {
+    return ctxSpi.engineCreateSSLEngine ();
+  }
+
+  /**
+   * Creates a new {@link SSLEngine} for this context, with a given
+   * host name and port number.
+   *
+   * @param host The local host name.
+   * @param port The local port number.
+   * @return The new SSLEngine.
+   * @since 1.5
+   */
+  public final SSLEngine createSSLEngine (final String host, final int port)
+  {
+    return ctxSpi.engineCreateSSLEngine (host, port);
+  }
+
+  /**
    * Returns the set of SSL contexts available for client connections.
    *
    * @return The set of SSL contexts available for client connections.
diff --git a/javax/net/ssl/SSLContextSpi.java b/javax/net/ssl/SSLContextSpi.java
index a6b0c7581..03c44f85e 100644
--- a/javax/net/ssl/SSLContextSpi.java
+++ b/javax/net/ssl/SSLContextSpi.java
@@ -64,6 +64,28 @@ public abstract class SSLContextSpi
   // Abstract methods.
   // -------------------------------------------------------------------
 
+  // Sun, you've broken existing applications by introducing new
+  // abstract methods! Goodjob!!!
+
+  /**
+   * Returns a new {@link SSLEngine} for this context.
+   *
+   * @return A new SSLEngine.
+   * @since 1.5
+   */
+  protected abstract SSLEngine engineCreateSSLEngine ();
+
+  /**
+   * Returns a new {@link SSLEngine} for this context, for the given
+   * host name and port number.
+   *
+   * @param host The local host name.
+   * @param port The local port number.
+   * @return A new SSLEngine.
+   * @since 1.5
+   */
+  protected abstract SSLEngine engineCreateSSLEngine (String host, int port);
+
   /**
    * Returns the set of SSL sessions available for client connections.
    *
diff --git a/javax/net/ssl/SSLEngine.java b/javax/net/ssl/SSLEngine.java
new file mode 100644
index 000000000..efab9725b
--- /dev/null
+++ b/javax/net/ssl/SSLEngine.java
@@ -0,0 +1,442 @@
+/* SSLEngine.java -- advanced, generic utility for manipulating SSL messages.
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+import java.nio.ByteBuffer;
+
+/**
+ * A class for low-level message wrapping and unwrapping of SSL
+ * messages.
+ *
+ * @author Casey Marshall (csm@gnu.org)
+ * @since 1.5
+ */
+public abstract class SSLEngine
+{
+  private final String peerHost;
+  private final int peerPort;
+
+  /**
+   * Creates a new SSLEngine with no peer host name or port number.
+   */
+  protected SSLEngine ()
+  {
+    this (null, -1);
+  }
+
+  /**
+   * Creates a new SSLEngine with the specified peer host name and
+   * port number.
+   *
+   * @param peerHost The peer's host name.
+   * @param peerPort The peer's port number.
+   */
+  protected SSLEngine (String peerHost, int peerPort)
+  {
+    this.peerHost = peerHost;
+    this.peerPort = peerPort;
+  }
+
+
+
+  /**
+   * Begin, or restart, the SSL handshake.
+   *
+   * @throws SSLException
+   */
+  public abstract void beginHandshake () throws SSLException;
+
+  /**
+   * Close the inbound state.
+   *
+   * @throws SSLException
+   */
+  public abstract void closeInbound () throws SSLException;
+
+  /**
+   * Close the outbound state.
+   */
+  public abstract void closeOutbound ();
+
+  /**
+   *
+   */
+  public abstract Runnable getDelegatedTask ();
+
+  /**
+   * Returns the peer host name this SSL session is connected to, or
+   * <code>null</code> if this value was not set.
+   *
+   * @return The peer host's name.
+   */
+  public String getPeerHost ()
+  {
+    return peerHost;
+  }
+
+  /**
+   * Returns the peer IP port number this SSL session in communicating
+   * on, or -1 if this value was not set.
+   *
+   * @return The peer's port number.
+   */
+  public int getPeerPort ()
+  {
+    return peerPort;
+  }
+
+  /**
+   * Returns a list of SSL cipher suite names this SSLEngine is
+   * configured to use.
+   *
+   * @return The list of enabled cipher suite names.
+   */
+  public abstract String[] getEnabledCipherSuites();
+
+  /**
+   * Returns a list of SSL protocol version names this SSLEngine is
+   * configured to use.
+   *
+   * @return The list of enabled protocol names.
+   */
+  public abstract String[] getEnabledProtocols ();
+
+  /**
+   * Tells if sessions will be created by this engine, and therefore
+   * may be resumed at a later time.
+   *
+   * @return True if sessions will be created.
+   */
+  public abstract boolean getEnableSessionCreation();
+
+  /**
+   * Return the current handshake status.
+   *
+   * @return The current handshake status.
+   */
+  public abstract SSLEngineResult.HandshakeStatus getHandshakeStatus ();
+
+  /**
+   * Tells if this SSLEngine is configured to require client
+   * authentication when in server mode.
+   *
+   * @return True iff client authentication is required.
+   */
+  public abstract boolean getNeedClientAuth ();
+
+  /**
+   * Return the {@link SSLSession} object this connection represents.
+   *
+   * @return The SSL session.
+   */
+  public abstract SSLSession getSession ();
+
+  /**
+   * Returns a list of SSL cipher suite names this SSLEngine
+   * implementation supports.
+   *
+   * @return The list of cipher suite names supported by this
+   * implementation.
+   */
+  public abstract String[] getSupportedCipherSuites ();
+
+  /**
+   * Returns a list of SSL protocol version names this SSLEngine
+   * implementation supports. SSL protocol names include things like
+   * "SSLv3" or "TLSv1".
+   *
+   * @return The list of SSL protocol names
+   */
+  public abstract String[] getSupportedProtocols ();
+
+  /**
+   * Tells if this SSLEngine is a "client" session.
+   *
+   * @return True iff this session is configured for client mode.
+   */
+  public abstract boolean getUseClientMode ();
+
+  /**
+   * Tells if client authentication is requested, but not required,
+   * for sessions in server mode. If true, a server session will
+   * request an authentication message from connecting clients, but
+   * will still allow clients to connect if they cannot be
+   * authenticated.
+   *
+   * @return True iff client authentication is requested.
+   */
+  public abstract boolean getWantClientAuth ();
+
+  /**
+   * Tells if the incoming data stream is finished, and thus if no
+   * more data will be available to be unwrapped.
+   *
+   * @return True if no more data is to be unwrapped.
+   */
+  public abstract boolean isInboundDone ();
+
+  /**
+   * Tells if the outgoing data stream is finished, and thus if no
+   * more data may be wrapped.
+   *
+   * @return True if no more data may be wrapped.
+   */
+  public abstract boolean isOutboundDone ();
+
+  /**
+   * Sets the list of enabled cipher suites. The argument is an array
+   * of strings of the canonical suite names.
+   *
+   * @param suites The cipher suites to enable.
+   * @throws IllegalArgumentException If any of the specified suite
+   * strings is not supported by this implementation, or if the
+   * argument is null.
+   */
+  public abstract void setEnabledCipherSuites (String[] suites);
+
+  /**
+   * Sets the list of enabled protocol versions. The argument is an
+   * array of strings of the canonical protocol version names, such as
+   * "TLSv1".
+   *
+   * @param protocols The protocol versions to enable.
+   * @throws IllegalArgumentException If any of the specified
+   * protocols are not supported, or if the argument is null.
+   */
+  public abstract void setEnabledProtocols (String[] protocols);
+
+  /**
+   * Enables or disables session creation. If enabled, each connection
+   * will create session that may be resumed by another connection.
+   *
+   * @param create Whether or not to enable session creation.
+   */
+  public abstract void setEnableSessionCreation (boolean create);
+
+  /**
+   * Enables client or server mode. If the argument is true, this
+   * engine will run in client mode; if false, server mode.
+   *
+   * @param clientMode Whether or not to use client mode.
+   */
+  public abstract void setUseClientMode (boolean clientMode);
+
+  /**
+   * Enables or disables required client authentication. If enabled,
+   * clients may only connect if they provide proper identification.
+   *
+   * <p>This parameter is only used in server mode.
+   *
+   * @param needAuth Whether or not client authentication is required.
+   */
+  public abstract void setNeedClientAuth (boolean needAuth);
+
+  /**
+   * Enables or disables requested client authentication. If enabled,
+   * clients will be asked to provide proper identification, but will
+   * still be allowed to connect if they do not provide it.
+   *
+   * <p>This parameter is only used in server mode.
+   *
+   * @param wantAuth Whether or not client authentication will be
+   * requested, but not required.
+   */
+  public abstract void setWantClientAuth (boolean wantAuth);
+
+  /**
+   * Unwraps a byte buffer recieved from the network, storing the
+   * decrypted, unwrapped bytes into the given buffer.
+   *
+   * <p>This call is exactly equivalent to <code>unwrap (source, new
+   * ByteBuffer[] { sink }, 0, 1)</code>.
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sink The buffer to hold the unwrapped message.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is not
+   * writable.
+   * @throws IllegalArgumentException If either 'source' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer sink)
+    throws SSLException
+  {
+    return unwrap (source, new ByteBuffer[] { sink }, 0, 1);
+  }
+
+  /**
+   * Unwraps a byte buffer recieved from the network, storing the
+   * decrypted, unwrapped bytes into the given buffers.
+   *
+   * <p>This call is exactly equivalent to <code>unwrap (source,
+   * sinks, 0, sinks.length)</code>.
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sinks The buffers to hold the unwrapped message.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+   * is not writable.
+   * @throws IllegalArgumentException If either 'source' or 'sinks' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult unwrap (ByteBuffer source, ByteBuffer[] sinks)
+    throws SSLException
+  {
+    return unwrap (source, sinks, 0, sinks.length);
+  }
+
+  /**
+   * Unwraps a byte buffer received from the network, storing the
+   * decrypted, unwrapped bytes into the given buffers. After
+   * unwrapping, the bytes placed into the sink buffers are ready for
+   * consumption by the application.
+   *
+   * <p>This method may place no bytes in the destination buffer; for
+   * example, if this engine is still performing the SSL handshake,
+   * only handshake data will be consumed, and no application data.
+   *
+   * <p>It is stated that this method may modify the source buffer,
+   * and that it must not be passed to another SSLEngine (SSL
+   * connections are independent, so another SSLEngine will not have
+   * the parameters or state to handle messages meant for this
+   * engine).
+   *
+   * @param source The source bytes, coming from the network.
+   * @param sinks The buffers to hold the unwrapped message.
+   * @param offset The index of the first buffer in 'sinks' to use.
+   * @param length The number of buffers in 'sinks' to use.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL message parsing error occurs.
+   * @throws java.nio.ReadOnlyBufferException If any buffer in 'sinks'
+   * is not writable.
+   * @throws IllegalArgumentException If either 'source' or 'sinks' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+   * negative, or if 'length+offset' is greater than 'sinks.length'.
+   */
+  public abstract SSLEngineResult unwrap (ByteBuffer source,
+					  ByteBuffer[] sinks, int offset,
+					  int length)
+    throws javax.net.ssl.SSLException;
+
+  /**
+   * Wraps a byte buffer into an SSL message, for preparation to send
+   * it over the network.
+   *
+   * <p>This method is exactly equivalent to <code>wrap (new
+   * ByteBuffer[] { source }, 0, 1, sink)</code>.
+   *
+   * @param source The source buffer with application data.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'source' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult wrap (ByteBuffer source, ByteBuffer sink)
+    throws SSLException
+  {
+    return wrap (new ByteBuffer[] { source }, 0, 1, sink);
+  }
+
+  /**
+   * Wraps byte buffers into an SSL message, for preparation to send
+   * them over the network.
+   *
+   * <p>This method is exactly equivalent to <code>wrap (sources, 0,
+   * 1, sink)</code>.
+   *
+   * @param sources The source buffers with application data.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'sources' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   */
+  public SSLEngineResult wrap (ByteBuffer[] sources, ByteBuffer sink)
+    throws SSLException
+  {
+    return wrap (sources, 0, sources.length, sink);
+  }
+
+  /**
+   * Wraps byte buffers into an SSL message, for preparation to send
+   * them over the network. After wrapping, the data in the sink
+   * buffer is ready to be sent over the transport layer.
+   *
+   * <p>This method may consume no data from the source buffers, and
+   * yet still produce output that should be sent accross the wire;
+   * for example if this engine has not yet completed the SSL
+   * handshake, the sink buffer will be filled with handshake
+   * messages.
+   *
+   * @param sources The source buffers with application data.
+   * @param offset The offset into the source buffers to start reading
+   * application data.
+   * @param length The number of buffers to read from 'sources'.
+   * @param sink The buffer to hold the wrapped data.
+   * @return An engine result object for the operation.
+   * @throws SSLException If an SSL error occurs.
+   * @throws java.nio.ReadOnlyBufferException If 'sink' is read-only.
+   * @throws IllegalArgumentException If either 'sources' or 'sink' is
+   * null.
+   * @throws IllegalStateException If this engine has not been put
+   * into client or server mode.
+   * @throws IndexOutOfBoundsException If 'offset' or 'length' is
+   * negative, or if 'length+offset' is greater than 'sources.length'.
+   */
+  public abstract SSLEngineResult wrap (ByteBuffer[] sources, int offset,
+					int length, ByteBuffer sink)
+    throws SSLException;
+
+}
diff --git a/javax/net/ssl/SSLEngineResult.java b/javax/net/ssl/SSLEngineResult.java
new file mode 100644
index 000000000..0aaa6ac0e
--- /dev/null
+++ b/javax/net/ssl/SSLEngineResult.java
@@ -0,0 +1,245 @@
+/* SSLEngineResult.java -- 
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+02111-1307 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package javax.net.ssl;
+
+import gnu.java.lang.PseudoEnum;
+
+/**
+ * A result from an {@link SSLEngine} <code>wrap</code> or
+ * <code>unwrap</code> operation. This class conveys a possibly
+ * intermediate result, and may ask for more input data or request
+ * that output data be sent over a connection.
+ */
+public class SSLEngineResult
+{
+  private final HandshakeStatus handshakeStatus;
+  private final Status status;
+  private final int bytesConsumed;
+  private final int bytesProduced;
+
+  /**
+   * Creates a new SSL engine result.
+   *
+   * @param status The status of the SSL connection.
+   * @param handshakeStatus The status of the SSL handshake.
+   * @param bytesConsumed The number of bytes consumed by the previous
+   * operation.
+   * @param bytesProduced The number of bytes produced by the previous
+   * operation.
+   * @throws IllegalArgumentException If either enum value is
+   * <code>null</code>, or if either integer is negative.
+   */
+  public SSLEngineResult (Status status, HandshakeStatus handshakeStatus,
+			  int bytesConsumed, int bytesProduced)
+  {
+    if (status == null)
+      throw new IllegalArgumentException ("'status' may not be null");
+    if (handshakeStatus == null)
+      throw new IllegalArgumentException ("'handshakeStatus' may not be null");
+    if (bytesConsumed < 0)
+      throw new IllegalArgumentException ("'bytesConumed' must be nonnegative");
+    if (bytesProduced < 0)
+      throw new IllegalArgumentException ("'bytesProduced' must be nonnegative");
+    this.status = status;
+    this.handshakeStatus = handshakeStatus;
+    this.bytesConsumed = bytesConsumed;
+    this.bytesProduced = bytesProduced;
+  }
+
+
+
+  /**
+   * An enumeration of possible general states.
+   */
+  public static class Status extends PseudoEnum // FIXME ENUM 1.5
+  {
+
+    /**
+     * There were not enough input bytes available to complete the
+     * operation.
+     */
+    public static final Status BUFFER_UNDERFLOW = new Status (0, "BUFFER_UNDERFLOW");
+
+    /**
+     * There was not enough space for the output message.
+     */
+    public static final Status BUFFER_OVERFLOW = new Status (1, "BUFFER_OVERFLOW");
+
+    /**
+     * Okay. No error.
+     */
+    public static final Status OK = new Status (2, "OK");
+
+    /**
+     * The connection is closed.
+     */
+    public static final Status CLOSED = new Status (3, "CLOSED");
+
+    private Status (final int ordinal, final String name)
+    {
+      super (ordinal, name, Status.class);
+    }
+
+    public static Status[] values ()
+    {
+      return new Status[] { BUFFER_UNDERFLOW, BUFFER_OVERFLOW, OK, CLOSED };
+    }
+
+    public static Status valueOf (final String name)
+    {
+      if (name.equals ("BUFFER_UNDERFLOW"))
+	return BUFFER_UNDERFLOW;
+      if (name.equals ("BUFFER_OVERFLOW"))
+	return BUFFER_OVERFLOW;
+      if (name.equals ("OK"))
+	return OK;
+      if (name.equals ("CLOSED"))
+	return CLOSED;
+      throw new IllegalArgumentException (name);
+    }
+  }
+
+  /**
+   * An enumeration of possible handshake status states.
+   */
+  public static class HandshakeStatus extends PseudoEnum // FIXME ENUM 1.5
+  {
+
+    /**
+     * Not currently handshaking.
+     */
+    public static final HandshakeStatus NOT_HANDSHAKING = new HandshakeStatus (0, "NOT_HANDSHAKING");
+
+    /**
+     * The handshake is finished.
+     */
+    public static final HandshakeStatus FINISHED = new HandshakeStatus (1, "FINISHED");
+
+    /**
+     * Needs the status of one or more delegated tasks.
+     */
+    public static final HandshakeStatus NEED_TASK = new HandshakeStatus (2, "NEED_TASK");
+
+    /**
+     * Has data prepared for output, and needs a new call to
+     * <code>wrap</code>.
+     */
+    public static final HandshakeStatus NEED_WRAP = new HandshakeStatus (3, "NEED_WRAP");
+
+    /**
+     * Is waiting for more input.
+     */
+    public static final HandshakeStatus NEED_UNWRAP = new HandshakeStatus (4, "NEED_UNWRAP");
+
+    private HandshakeStatus (final int ordinal, final String name)
+    {
+      super (ordinal, name, HandshakeStatus.class);
+    }
+
+    public static HandshakeStatus[] values ()
+    {
+      return new HandshakeStatus[] { NOT_HANDSHAKING, FINISHED, NEED_TASK,
+				     NEED_WRAP, NEED_UNWRAP };
+    }
+
+    public static HandshakeStatus valueOf (final String name)
+    {
+      if (name.equals ("NOT_HANDSHAKING"))
+	return NOT_HANDSHAKING;
+      if (name.equals ("FINISHED"))
+	return FINISHED;
+      if (name.equals ("NEED_TASK"))
+	return NEED_TASK;
+      if (name.equals ("NEED_WRAP"))
+	return NEED_WRAP;
+      if (name.equals ("NEED_UNWRAP"))
+	return NEED_UNWRAP;
+      throw new IllegalArgumentException (name);
+    }
+  }
+
+
+
+  /**
+   * Returns the number of bytes consumed by the previous operation.
+   *
+   * @return The number of bytes consumed.
+   */
+  public int bytesConsumed ()
+  {
+    return bytesConsumed;
+  }
+
+  /**
+   * Returns the number of bytes produced by the previous operation.
+   *
+   * @return The number of bytes produced.
+   */
+  public int bytesProduced ()
+  {
+    return bytesProduced;
+  }
+
+  /**
+   * Returns the handshake status.
+   *
+   * @return The handshake status.
+   */
+  public HandshakeStatus getHandshakeStatus ()
+  {
+    return handshakeStatus;
+  }
+
+  /**
+   * Returns the connection status.
+   *
+   * @return The connection status.
+   */
+  public Status getStatus ()
+  {
+    return status;
+  }
+
+  public String toString ()
+  {
+    return (super.toString () + " [ status: " + status + "; handshakeStatus: "
+	    + handshakeStatus + "; bytesConsumed: " + bytesConsumed
+	    + "; bytesProduced: " + bytesProduced + " ]");
+  }
+}
diff --git a/javax/net/ssl/SSLSession.java b/javax/net/ssl/SSLSession.java
index 9400a1a51..c8a4785f9 100644
--- a/javax/net/ssl/SSLSession.java
+++ b/javax/net/ssl/SSLSession.java
@@ -38,6 +38,7 @@ exception statement from your version. */
 
 package javax.net.ssl;
 
+import java.security.Principal;
 import java.security.cert.Certificate;
 
 import javax.security.cert.X509Certificate;
@@ -48,6 +49,20 @@ import javax.security.cert.X509Certificate;
  */
 public interface SSLSession
 {
+
+  /**
+   * Returns the size of the largest application data buffer that can
+   * occur in this session.
+   *
+   * <p>Buffers passed to handle the incoming data for the
+   * <code>unwrap</code> method of SSLEngine must be at least this
+   * large.
+   *
+   * @return The size of application buffers.
+   * @since 1.5
+   */
+  int getApplicationBufferSize ();
+
   /**
    * Returns this session's cihper suite.
    *
@@ -87,6 +102,28 @@ public interface SSLSession
   Certificate[] getLocalCertificates();
 
   /**
+   * Returns the {@link Principal} representing the local identity
+   * used in this session, or <code>null</code> if there is no local
+   * identity.
+   *
+   * @return The local principal.
+   */
+  Principal getLocalPrincipal ();
+
+  /**
+   * Returns the size of the largest SSL message that will be
+   * generated by this session.
+   *
+   * <p>Callers of <code>wrap</code> and <code>unwrap</code> should
+   * use this value to determine the size of buffers for data coming
+   * into, or going out over, the network.
+   *
+   * @returns The maximum network packet size.
+   * @since 1.5
+   */
+  int getPacketBufferSize ();
+
+  /**
    * Returns the chain of certificates that the remote side used in
    * the handshake, or null if none were used.
    *
@@ -115,6 +152,27 @@ public interface SSLSession
   String getPeerHost();
 
   /**
+   * Returns the port number the remote peer is using for this
+   * session.
+   *
+   * @return The peer's port number.
+   * @since 1.5
+   */
+  int getPeerPort ();
+
+  /**
+   * Returns the {@link Principal} representing the identity of the
+   * remote peer, or <code>null</code> if the remote peer has no known
+   * identity.
+   *
+   * @return The remote peer's principal.
+   * @throws SSLPeerUnverifiedException If the remote peer's identity
+   * could not be verified.
+   * @since 1.5
+   */
+  Principal getPeerPrincipal () throws SSLPeerUnverifiedException;
+
+  /**
    * Returns the protocol this session uses.
    *
    * @return The protocol.
@@ -152,6 +210,15 @@ public interface SSLSession
   void invalidate();
 
   /**
+   * Tells if this session is currently valid, and may be resumed.
+   *
+   * @return True if this session is valid.
+   * @since 1.5
+   * @see #invalidate()
+   */
+  boolean isValid ();
+
+  /**
    * Binds a value to this session, with the given name.
    *
    * @param name The name to bind the object with.
diff --git a/javax/net/ssl/X509ExtendedKeyManager.java b/javax/net/ssl/X509ExtendedKeyManager.java
new file mode 100644
index 000000000..ccd146f82
--- /dev/null
+++ b/javax/net/ssl/X509ExtendedKeyManager.java
@@ -0,0 +1,96 @@
+/* X509ExtendedKeyManager.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package javax.net.ssl;
+
+import java.security.Principal;
+
+/**
+ * An extended {@link X509KeyManager} for use with {@link SSLEngine}.
+ *
+ * @since 1.5
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public abstract class X509ExtendedKeyManager implements X509KeyManager
+{
+
+  /**
+   * Default constructor.
+   */
+  protected X509ExtendedKeyManager ()
+  {
+  }
+
+  /**
+   * Return a client alias given a list of key types, a list of
+   * allowable issuers, and the SSLEngine being used.
+   *
+   * <p>This implementation always returns <code>null</code>.
+   *
+   * @param keyTypes The list of desired key types.
+   * @param issuers The list of desired key issuers.
+   * @param engine This client's SSLEngine.
+   * @return A key alias that matches the given parameters, or
+   * <code>null</code> if the parameters were not matched.
+   */
+  public String chooseEngineClientAlias (final String[] keyTypes,
+                                         final Principal[] issuers,
+                                         final SSLEngine engine)
+  {
+    return null;
+  }
+
+  /**
+   * Return a server alias given a key type, a list of allowable
+   * issuers, and the SSLEngine being used.
+   *
+   * <p>This implementation always returns <code>null</code>.
+   *
+   * @param keyType The desired key type.
+   * @param issuers The list of desired key issuers.
+   * @param engine The server's SSLEngine.
+   * @return A key alias that matches the given parameters, or
+   * <code>null</code> if the parameters were not matched.
+   */
+  public String chooseEngineServerAlias (final String keyType,
+                                         final Principal[] issuers,
+                                         final SSLEngine engine)
+  {
+    return null;
+  }
+}