Missed files from previous checkin.

5 files changed, 789 insertions, 0 deletions

diff --git a/gnu/javax/net/ssl/provider/SSLContextImpl.java b/gnu/javax/net/ssl/provider/SSLContextImpl.java
new file mode 100644
index 000000000..be75cb028
--- /dev/null
+++ b/gnu/javax/net/ssl/provider/SSLContextImpl.java
@@ -0,0 +1,322 @@
+/* SSLContextImpl.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.net.ssl.provider;
+
+import gnu.javax.net.ssl.AbstractSessionContext;
+import gnu.javax.net.ssl.NullManagerParameters;
+import gnu.javax.net.ssl.SRPTrustManager;
+import gnu.javax.net.ssl.StaticTrustAnchors;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Our implementation of {@link SSLContextSpi}.
+ * 
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public final class SSLContextImpl
+  extends SSLContextSpi
+{
+  private SSLSessionContext serverContext;
+  private SSLSessionContext clientContext;
+  
+  X509ExtendedKeyManager keyManager;
+  X509TrustManager trustManager;
+  SRPTrustManager srpTrustManager;
+  SecureRandom random;
+
+  public SSLContextImpl()
+  {
+  }
+  
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineCreateSSLEngine()
+   */
+  protected @Override SSLEngine engineCreateSSLEngine()
+  {
+    return engineCreateSSLEngine(null, -1);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineCreateSSLEngine(java.lang.String, int)
+   */
+  protected @Override SSLEngine engineCreateSSLEngine(String host, int port)
+  {
+    return new SSLEngineImpl(this, host, port);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineGetClientSessionContext()
+   */
+  protected @Override synchronized SSLSessionContext engineGetClientSessionContext()
+  {
+    if (clientContext == null)
+      {
+        try
+          {
+            clientContext = AbstractSessionContext.newInstance();
+          }
+        catch (SSLException ssle)
+          {
+            // XXX Ignore?
+          }
+      }
+    return clientContext;
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineGetServerSessionContext()
+   */
+  protected @Override synchronized SSLSessionContext engineGetServerSessionContext()
+  {
+    if (serverContext == null)
+      {
+        try
+          {
+            serverContext = AbstractSessionContext.newInstance();
+          }
+        catch (SSLException ssle)
+          {
+            // XXX Ignore?
+          }
+      }
+    return serverContext;
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineGetServerSocketFactory()
+   */
+  protected @Override SSLServerSocketFactory engineGetServerSocketFactory()
+  {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineGetSocketFactory()
+   */
+  protected @Override SSLSocketFactory engineGetSocketFactory()
+  {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  /* (non-Javadoc)
+   * @see javax.net.ssl.SSLContextSpi#engineInit(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)
+   */
+  protected @Override void engineInit(KeyManager[] keyManagers,
+                                      TrustManager[] trustManagers,
+                                      SecureRandom random)
+    throws KeyManagementException
+  {
+    keyManager = null;
+    trustManager = null;
+    srpTrustManager = null;
+    if (keyManagers != null)
+      {
+        for (int i = 0; i < keyManagers.length; i++)
+          {
+            if (keyManagers[i] instanceof X509ExtendedKeyManager)
+              {
+                keyManager = (X509ExtendedKeyManager) keyManagers[i];
+                break;
+              }
+          }
+      }
+    if (keyManager == null)
+      {
+        keyManager = defaultKeyManager();
+      }
+    if (trustManagers != null)
+      {
+        for (int i = 0; i < trustManagers.length; i++)
+          {
+            if (trustManagers[i] instanceof X509TrustManager)
+              {
+                if (trustManager == null)
+                  {
+                    trustManager = (X509TrustManager) trustManagers[i];
+                  }
+              }
+            else if (trustManagers[i] instanceof SRPTrustManager)
+              {
+                if (srpTrustManager == null)
+                  {
+                    srpTrustManager = (SRPTrustManager) trustManagers[i];
+                  }
+              }
+          }
+      }
+    if (trustManager == null && srpTrustManager == null)
+      {
+        trustManager = defaultTrustManager();
+      }
+    if (random != null)
+      {
+        this.random = random;
+      }
+    else
+      {
+        this.random = defaultRandom();
+      }
+  }
+  
+  /**
+   * Create and return a default key manager. The default is the JessieX509
+   * algorithm, loaded from either the jssecerts file, or the cacerts file.
+   * 
+   * @return The default key manager instance.
+   * @throws KeyManagementException If the instance cannot be created.
+   */
+  private X509ExtendedKeyManager defaultKeyManager() throws KeyManagementException
+  {
+    KeyManagerFactory fact = null;
+    try
+      {
+        fact = KeyManagerFactory.getInstance("JessieX509", "Jessie");
+      }
+    catch (NoSuchAlgorithmException nsae)
+      {
+        throw new KeyManagementException(nsae);
+      }
+    catch (NoSuchProviderException nspe)
+      {
+        throw new KeyManagementException(nspe);
+      }
+    try
+      {
+        fact.init(null, null);
+        return (X509ExtendedKeyManager) fact.getKeyManagers()[0];
+      }
+    catch (NoSuchAlgorithmException nsae) { }
+    catch (KeyStoreException kse) { }
+    catch (UnrecoverableKeyException uke) { }
+    catch (IllegalStateException ise) { }
+
+    try
+      {
+        fact.init(new NullManagerParameters());
+        return (X509ExtendedKeyManager) fact.getKeyManagers()[0];
+      }
+    catch (Exception shouldNotHappen)
+      {
+        throw new Error(shouldNotHappen.toString());
+      }
+  }
+
+  /**
+   * Create and return a default trust manager. The default is the JessieX509
+   * algorithm, loaded from either the jssecerts file, or the cacerts file.
+   * 
+   * @return The default trust manager instance.
+   * @throws KeyManagementException If the instance cannot be created.
+   */
+  private X509TrustManager defaultTrustManager() throws KeyManagementException
+  {
+    try
+      {
+        TrustManagerFactory fact =
+          TrustManagerFactory.getInstance("JessieX509", "Jessie");
+        fact.init((KeyStore) null);
+        return (X509TrustManager) fact.getTrustManagers()[0];
+      }
+    catch (NoSuchAlgorithmException nsae)
+      {
+        throw new KeyManagementException(nsae);
+      }
+    catch (NoSuchProviderException nspe)
+      {
+        throw new KeyManagementException(nspe);
+      }
+    catch (KeyStoreException kse)
+      {
+        throw new KeyManagementException(kse);
+      }
+  }
+
+  /**
+   * Create a default secure PRNG. This is defined as either the algorithm
+   * given in the <code>gnu.javax.net.ssl.secureRandom</code> security
+   * property, or Fortuna if that property is not set. If none of these
+   * algorithms can be found, and instance created with the SecureRandom
+   * constructor is returned.
+   * 
+   * @return The default secure PRNG instance.
+   */
+  private SecureRandom defaultRandom()
+  {
+    String alg = Util.getSecurityProperty("gnu.javax.net.ssl.secureRandom");
+    if (alg == null)
+      {
+        alg = "Fortuna";
+      }
+    SecureRandom rand = null;
+    try
+      {
+        rand = SecureRandom.getInstance(alg);
+      }
+    catch (NoSuchAlgorithmException nsae)
+      {
+        rand = new SecureRandom();
+      }
+
+    return rand;
+  }
+}
\ No newline at end of file
diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
new file mode 100644
index 000000000..763bbaf3b
--- /dev/null
+++ b/gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java
@@ -0,0 +1,116 @@
+/* SSLv3HMacMD5.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.net.ssl.provider;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Collections;
+import java.util.Map;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+
+/**
+ * @author csm
+ */
+public class SSLv3HMacMD5Impl extends MacSpi
+{
+  private final SSLHMac adaptee;
+
+  public SSLv3HMacMD5Impl()
+  {
+    adaptee = new SSLHMac("MD5");
+  }
+  
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineDoFinal()
+   */
+  @Override protected byte[] engineDoFinal()
+  {
+    return adaptee.digest();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineGetMacLength()
+   */
+  @Override protected int engineGetMacLength()
+  {
+    return adaptee.macSize();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineInit(java.security.Key, java.security.spec.AlgorithmParameterSpec)
+   */
+  @Override protected void engineInit(Key key, AlgorithmParameterSpec params)
+      throws InvalidAlgorithmParameterException, InvalidKeyException
+  {
+    if (!(key instanceof SecretKey)
+        || !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-MD5"))
+      throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-MD5\"");
+    Map<String,byte[]> attr =
+      Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded());
+    adaptee.init(attr);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineReset()
+   */
+  @Override protected void engineReset()
+  {
+    adaptee.reset();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineUpdate(byte)
+   */
+  @Override protected void engineUpdate(byte input)
+  {
+    adaptee.update(input);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineUpdate(byte[], int, int)
+   */
+  @Override protected void engineUpdate(byte[] input, int offset, int length)
+  {
+    adaptee.update(input, offset, length);
+  }
+}
diff --git a/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
new file mode 100644
index 000000000..008a21c04
--- /dev/null
+++ b/gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java
@@ -0,0 +1,116 @@
+/* SSLv3HMacSHA.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.net.ssl.provider;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Collections;
+import java.util.Map;
+
+import javax.crypto.MacSpi;
+import javax.crypto.SecretKey;
+
+/**
+ * @author csm
+ */
+public class SSLv3HMacSHAImpl extends MacSpi
+{
+  private final SSLHMac adaptee;
+
+  public SSLv3HMacSHAImpl()
+  {
+    adaptee = new SSLHMac("SHA-160");
+  }
+  
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineDoFinal()
+   */
+  @Override protected byte[] engineDoFinal()
+  {
+    return adaptee.digest();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineGetMacLength()
+   */
+  @Override protected int engineGetMacLength()
+  {
+    return adaptee.macSize();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineInit(java.security.Key, java.security.spec.AlgorithmParameterSpec)
+   */
+  @Override protected void engineInit(Key key, AlgorithmParameterSpec params)
+      throws InvalidAlgorithmParameterException, InvalidKeyException
+  {
+    if (!(key instanceof SecretKey)
+        || !key.getAlgorithm().equalsIgnoreCase("SSLv3HMac-SHA"))
+      throw new InvalidKeyException("expecting secret key with algorithm \"SSLv3HMac-SHA\"");
+    Map<String,byte[]> attr =
+      Collections.singletonMap(SSLHMac.MAC_KEY_MATERIAL, key.getEncoded());
+    adaptee.init(attr);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineReset()
+   */
+  @Override protected void engineReset()
+  {
+    adaptee.reset();
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineUpdate(byte)
+   */
+  @Override protected void engineUpdate(byte input)
+  {
+    adaptee.update(input);
+  }
+
+  /* (non-Javadoc)
+   * @see javax.crypto.MacSpi#engineUpdate(byte[], int, int)
+   */
+  @Override protected void engineUpdate(byte[] input, int offset, int length)
+  {
+    adaptee.update(input, offset, length);
+  }
+}
diff --git a/gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java b/gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java
new file mode 100644
index 000000000..d4b6fa397
--- /dev/null
+++ b/gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java
@@ -0,0 +1,89 @@
+/* ServerKeyExchangeBuilder.java -- 
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.javax.net.ssl.provider;
+
+import java.nio.ByteBuffer;
+
+/**
+ * Builder for {@link ServerKeyExchange} objects.
+ * 
+ * @author Casey Marshall (csm@gnu.org)
+ */
+public class ServerKeyExchangeBuilder extends ServerKeyExchange
+    implements Builder
+{
+  public ServerKeyExchangeBuilder(final CipherSuite suite)
+  {
+    super(ByteBuffer.allocate(1024), suite);
+  }
+
+  /* (non-Javadoc)
+   * @see gnu.javax.net.ssl.provider.Builder#buffer()
+   */
+  public ByteBuffer buffer()
+  {
+    return ((ByteBuffer) buffer.duplicate().position(0).limit(length())).slice();
+  }
+
+  public void setParams(ByteBuffer params)
+  {
+    if (suite.keyExchangeAlgorithm() == KeyExchangeAlgorithm.NONE)
+      throw new IllegalArgumentException("key exchange algorithm is none");
+    ensureCapacity(params.remaining());
+    buffer.duplicate().put(params);
+  }
+  
+  public void setSignature(ByteBuffer signature)
+  {
+    if (suite.keyExchangeAlgorithm() == KeyExchangeAlgorithm.NONE)
+      throw new IllegalArgumentException("key exchange algorithm is none");
+    int paramsLen = params().length();
+    ensureCapacity(paramsLen + signature.remaining());
+    ((ByteBuffer) buffer.duplicate().position(paramsLen)).put(signature);
+  }
+  
+  public void ensureCapacity(int capacity)
+  {
+    if (buffer.capacity() >= capacity)
+      return;
+    ByteBuffer newBuffer = ByteBuffer.allocate(capacity);
+    newBuffer.duplicate().put(buffer);
+    buffer = newBuffer;
+  }
+}
diff --git a/gnu/javax/net/ssl/provider/SimpleSessionContext.java b/gnu/javax/net/ssl/provider/SimpleSessionContext.java
new file mode 100644
index 000000000..b9d0f9551
--- /dev/null
+++ b/gnu/javax/net/ssl/provider/SimpleSessionContext.java
@@ -0,0 +1,146 @@
+/* SimpleSessionContext.java -- memory-only session store.
+   Copyright (C) 2006  Free Software Foundation, Inc.
+
+This file is a part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or (at
+your option) any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+USA
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.  */
+
+
+package gnu.javax.net.ssl.provider;
+
+import gnu.javax.net.ssl.AbstractSessionContext;
+import gnu.javax.net.ssl.Session;
+import gnu.javax.net.ssl.SessionStoreException;
+import gnu.javax.net.ssl.Session.ID;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+/**
+ * A simple, non-persistent SessionContext.
+ * 
+ * @author csm
+ */
+public final class SimpleSessionContext
+  extends AbstractSessionContext
+{
+  /**
+   * By default, sessions last for 5 minutes.
+   */
+  public static final int DEFAULT_TIMEOUT = 300;
+  
+  private final HashMap<Session.ID, Session> store;
+  private int storeLimit;
+  
+  public SimpleSessionContext()
+  {
+    super(DEFAULT_TIMEOUT);
+    storeLimit = 0;
+    store = new HashMap<Session.ID, Session>();
+  }
+  
+  @Override
+  protected Session implGet(byte[] sessionId)
+  {
+    return store.get(new Session.ID(sessionId));
+  }
+
+  @Override
+  public void load(char[] password) throws SessionStoreException
+  {
+    // Not supported. Memory-only.
+  }
+
+  @Override
+  public void put(Session session)
+  {
+    if (storeLimit > 0 && store.size() >= storeLimit)
+      {
+        Session oldest = null;
+        for (Map.Entry<Session.ID, Session> e : store.entrySet())
+          {
+            Session s = e.getValue();
+            long stamp = s.getLastAccessedTime();
+            if (oldest == null || oldest.getLastAccessedTime() > stamp)
+              oldest = s;
+          }
+        store.remove(oldest.id());
+      }
+    store.put(session.id(), session);
+  }
+
+  @Override
+  public void remove(byte[] sessionId)
+  {
+    store.remove(new Session.ID(sessionId));
+  }
+
+  @Override
+  public void store(char[] password) throws SessionStoreException
+  {
+    // Not supported. Memory-only.
+  }
+
+  public Enumeration getIds()
+  {
+    return new Enumeration()
+    {
+      Iterator<Session.ID> it = store.keySet().iterator();
+      
+      public boolean hasMoreElements()
+      {
+        return it.hasNext();
+      }
+      
+      public Object nextElement()
+      {
+        return it.next().id();
+      }
+    };
+  }
+
+  public int getSessionCacheSize()
+  {
+    return storeLimit;
+  }
+
+  public void setSessionCacheSize(int size)
+  {
+    if (size < 0)
+      throw new IllegalArgumentException("cache size must be nonnegative");
+    this.storeLimit = size;
+  }
+
+}