google · prbprbprb · Jan 16, 2025 · Jan 14, 2025 · Jan 14, 2025 · Jan 14, 2025
diff --git a/android-stub/src/main/java/android/pake/PakeClientKeyManagerParameters.java b/android-stub/src/main/java/android/pake/PakeClientKeyManagerParameters.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.ssl;
+
+import static java.util.Objects.requireNonNull;
+
+import libcore.util.NonNull;
+import libcore.util.Nullable;
+
+import java.security.InvalidParameterException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.net.ssl.ManagerFactoryParameters;
+
+/**
+ * Parameters for configuring a {@code KeyManager} that supports PAKE (Password
+ * Authenticated Key Exchange).
+ *
+ * <p>This class holds the necessary information for the {@code KeyManager} to perform PAKE
+ * authentication, including the IDs of the client and server involved and the available PAKE
+ * options.</p>
+ *
+ * <p>Instances of this class are immutable. Use the {@link Builder} to create
+ * instances.</p>
+ *
+ * @hide
+ */
+public final class PakeClientKeyManagerParameters implements ManagerFactoryParameters {
+    /**
+     * Returns the client identifier.
+     *
+     * @return The client identifier.
+     */
+    public @Nullable byte[] getClientId() {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * Returns the server identifier.
+     *
+     * @return The server identifier.
+     */
+    public @Nullable byte[] getServerId() {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * Returns a copy of the list of available PAKE options.
+     *
+     * @return A copy of the list of available PAKE options.
+     */
+    public @NonNull List<PakeOption> getOptions() {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * A builder for creating {@link PakeClientKeyManagerParameters} instances.
+     *
+     * @hide
+     */
+    public static final class Builder {
+        /**
+         * Sets the ID of the client involved in the PAKE exchange.
+         *
+         * @param clientId The ID of the client involved in the PAKE exchange.
+         * @return This builder.
+         */
+        public @NonNull Builder setClientId(@Nullable byte[] clientId) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Sets the ID of the server involved in the PAKE exchange.
+         *
+         * @param serverId The ID of the server involved in the PAKE exchange.
+         * @return This builder.
+         */
+        public @NonNull Builder setServerId(@Nullable byte[] serverId) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Adds a PAKE option.
+         *
+         * @param option The PAKE option to add.
+         * @return This builder.
+         * @throws InvalidParameterException If an option with the same algorithm already exists.
+         */
+        public @NonNull Builder addOption(@NonNull PakeOption option) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Builds a new {@link PakeClientKeyManagerParameters} instance.
+         *
+         * @return A new {@link PakeClientKeyManagerParameters} instance.
+         * @throws InvalidParameterException If no PAKE options are provided.
+         */
+        public @NonNull PakeClientKeyManagerParameters build() {
+            throw new RuntimeException("Stub!");
+        }
+    }
+}
diff --git a/android-stub/src/main/java/android/pake/PakeOption.java b/android-stub/src/main/java/android/pake/PakeOption.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.ssl;
+
+import libcore.util.NonNull;
+import libcore.util.Nullable;
+
+import java.security.InvalidParameterException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * An class representing a PAKE (Password Authenticated Key Exchange)
+ * option for TLS connections.
+ *
+ * <p>Instances of this class are immutable. Use the {@link Builder} to create
+ * instances.</p>
+ *
+ * @hide
+ */
+public final class PakeOption {
+    /**
+     * Returns the algorithm of the PAKE algorithm.
+     *
+     * @return The algorithm of the PAKE algorithm.
+     */
+    public @NonNull String getAlgorithm() {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * Returns the message component with the given key.
+     *
+     * @param key The algorithm of the component.
+     * @return The component data, or {@code null} if no component with the given
+     *         key exists.
+     */
+    public @Nullable byte[] getMessageComponent(@NonNull String key) {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * A builder for creating {@link PakeOption} instances.
+     *
+     * @hide
+     */
+    public static final class Builder {
+        /**
+         * Constructor for the builder.
+         *
+         * @param algorithm The algorithm of the PAKE algorithm.
+         * @throws InvalidParameterException If the algorithm is invalid.
+         */
+        public Builder(@NonNull String algorithm) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Adds a message component.
+         *
+         * @param key The algorithm of the component.
+         * @param value The component data.
+         * @return This builder.
+         * @throws InvalidParameterException If the key is invalid.
+         */
+        public @NonNull Builder addMessageComponent(@NonNull String key, @Nullable byte[] value) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Builds a new {@link PakeOption} instance.
+         *
+         * <p>This method performs validation to ensure that the message components
+         * are consistent with the PAKE algorithm.</p>
+         *
+         * @return A new {@link PakeOption} instance.
+         * @throws InvalidParameterException If the message components are invalid.
+         */
+        public @NonNull PakeOption build() {
+            throw new RuntimeException("Stub!");
+        }
+    }
+}
diff --git a/android-stub/src/main/java/android/pake/PakeServerKeyManagerParameters.java b/android-stub/src/main/java/android/pake/PakeServerKeyManagerParameters.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.ssl;
+
+import static java.util.Objects.requireNonNull;
+
+import libcore.util.NonNull;
+import libcore.util.Nullable;
+
+import java.security.InvalidParameterException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.net.ssl.ManagerFactoryParameters;
+
+/**
+ * Parameters for configuring a {@code KeyManager} that supports PAKE
+ * (Password Authenticated Key Exchange) on the server side.
+ *
+ * <p>This class holds the necessary information for the {@code KeyManager} to perform PAKE
+ * authentication, including a mapping of client and server IDs (links) to their corresponding PAKE
+ * options.</p>
+ *
+ * <p>Instances of this class are immutable. Use the {@link Builder} to create
+ * instances.</p>
+ *
+ * @hide
+ */
+public final class PakeServerKeyManagerParameters implements ManagerFactoryParameters {
+    /**
+     * Returns a set of the links.
+     *
+     * @return The known links.
+     */
+    public @NonNull Set<Link> getLinks() {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * Returns an unmodifiable list of PAKE options for the given {@link Link}.
+     *
+     * @param link The link for which to retrieve the options. Should have been obtained through
+     *             {@link #getLinks}.
+     * @return An unmodifiable list of PAKE options for the given link.
+     */
+    public @NonNull List<PakeOption> getOptions(@NonNull Link link) {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * Returns an unmodifiable list of PAKE options for the given client-server pair.
+     *
+     * @param clientId The client identifier for the link.
+     * @param serverId The server identifier for the link.
+     * @return An unmodifiable list of PAKE options for the given link.
+     */
+    public @NonNull List<PakeOption> getOptions(
+            @Nullable byte[] clientId, @Nullable byte[] serverId) {
+        throw new RuntimeException("Stub!");
+    }
+
+    /**
+     * A PAKE link class combining the client and server IDs.
+     *
+     * @hide
+     */
+    public static final class Link {
+        /**
+         * Constructs a {@code Link} object.
+         *
+         * @param clientId The client identifier for the link.
+         * @param serverId The server identifier for the link.
+         */
+        private Link(@Nullable byte[] clientId, @Nullable byte[] serverId) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Returns the client identifier for the link.
+         *
+         * @return The client identifier for the link.
+         */
+        public @Nullable byte[] getClientId() {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Returns the server identifier for the link.
+         *
+         * @return The server identifier for the link.
+         */
+        public @Nullable byte[] getServerId() {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public int hashCode() {
+            throw new RuntimeException("Stub!");
+        }
+    }
+
+    /**
+     * A builder for creating {@link PakeServerKeyManagerParameters} instances.
+     *
+     * @hide
+     */
+    public static final class Builder {
+        /**
+         * Adds PAKE options for the given client and server IDs.
+         * Only the first link for SPAKE2PLUS_PRERELEASE will be used.
+         *
+         * @param clientId The client ID.
+         * @param serverId The server ID.
+         * @param options The list of PAKE options to add.
+         * @return This builder.
+         * @throws InvalidParameterException If the provided options are invalid.
+         */
+        public @NonNull Builder setOptions(@Nullable byte[] clientId, @Nullable byte[] serverId,
+                @NonNull List<PakeOption> options) {
+            throw new RuntimeException("Stub!");
+        }
+
+        /**
+         * Builds a new {@link PakeServerKeyManagerParameters} instance.
+         *
+         * @return A new {@link PakeServerKeyManagerParameters} instance.
+         * @throws InvalidParameterException If no links are provided.
+         */
+        public @NonNull PakeServerKeyManagerParameters build() {
+            throw new RuntimeException("Stub!");
+        }
+    }
+}
diff --git a/android/src/main/java/org/conscrypt/Platform.java b/android/src/main/java/org/conscrypt/Platform.java
@@ -977,4 +977,8 @@ public static boolean isTlsV1Filtered() {
     public static boolean isTlsV1Supported() {
         return ENABLED_TLS_V1;
     }
+
+    public static boolean isPakeSupported() {
+        return false;
+    }
 }
diff --git a/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java b/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java
@@ -110,7 +110,9 @@ class ConscryptEngineSocket extends OpenSSLSocketImpl implements SSLParametersIm
     private static ConscryptEngine newEngine(
             SSLParametersImpl sslParameters, final ConscryptEngineSocket socket) {
         SSLParametersImpl modifiedParams;
-        if (Platform.supportsX509ExtendedTrustManager()) {
+        if (sslParameters.isSpake()) {
+            modifiedParams = sslParameters.cloneWithSpake();
+        } else if (Platform.supportsX509ExtendedTrustManager()) {
             modifiedParams = sslParameters.cloneWithTrustManager(
                 getDelegatingTrustManager(sslParameters.getX509TrustManager(), socket));
         } else {