The Secure Socket Layer (SSL) provides a standard protocol operating over TCP/IP through which encrypted traffic can be exchanged between a client and a server. The Java Secure Socket Extension (JSSE) provides a standard Java-based API to SSL. Underlying SSL provider implementations can be used with JSSE, while a standard and stable API is provided for JSSE clients. In this chapter, we will briefly explore the SSL standard and JSSE API mechanisms used by clients and servers.
In this chapter, you will learn
The basics of the SSL protocol
The basic architecture of the JSSE API
The means by which JSSE provider implementations are used with the JSSE API
The basic approach for building SSL servers using JSSE
The basic approach for building SSL clients using JSSE
The concepts behind SSL sessions and JSSE APIs being available to encapsulate such concepts
SSL is a communications protocol layer created by the Netscape Communications Corporation. It rests atop the TCP/IP protocol stack. SSL provides secure services over TCP/IP, such as confidentiality through data encryption, integrity via a MAC algorithm, and optional authenticity and nonrepudiation of both a socket client and a socket server. Although operating over TCP/IP, SSL can also operate under other TCP/IP-based protocols such as HTTP and IIOP. Thus, SSL can be viewed as a layer that operates between TCP/IP and higher-level communications protocols, such as HTTP and IIOP, to provide a secure communications solution. Note that although SSL most typically operates above TCP/IP, it can also operate above other reliable transport protocols.
SSL v1 was never publicly used, but Netscape introduced SSL v2 with version 1 of Netscape Navigator. SSL v3 represents the most current SSL standard in wide use. The Transport Layer Security (TLS) protocol developed by the Internet Engineering Task Force (IETF) extends the SSL v3 protocol with enhancements to the authentication aspects of the SSL algorithm. The Wireless Transport Layer Security (WTLS) protocol, as its name implies, is a version of TLS used in wireless communications.
The SSL v3 behavior follows the basic algorithmic sequence described here:
An SSL Client connects to an SSL Server.
The SSL Client sends a client hello message to the SSL Server containing the SSL version number, any crypto methods supported by the client, and a random byte stream.
The SSL Server sends a server hello message to the SSL Client containing the SSL version number, the selected crypto method, a session ID, and a random byte stream.
The SSL Server sends a server X.509 certificate to the SSL Client.
(Optional Client Authentication) The SSL Server sends a certificate request to the SSL Client.
The SSL Client authenticates the SSL Server using the server certificate by checking the validity date on the certificate, determining whether the signing CA is trusted, verifying the signature, and possibly determining whether the domain name of the server certificate matches the domain name of the server.
The SSL Client generates a premaster secret key and encrypts it with the server public key.
The SSL Client sends the encrypted premaster secret key to the SSL Server.
(Optional Client Authentication) The SSL Client sends a client X.509 certificate and another signed piece of data to the SSL Server.
(Optional Client Authentication) The SSL Server authenticates the SSL Client using the client certificate by checking the validity date on the certificate, determining whether the signing CA is trusted, and verifying the signature.
The SSL Client and SSL Server both use the premaster secret to generate a master secret.
The SSL Client and SSL Server both independently generate a secret session key from the master key.
The SSL Client and SSL Server exchange cipher specification messages indicating that any subsequent messages should be encrypted using the secret session key.
The SSL Client and SSL Server exchange a handshake-finished message encrypted with the session key indicating that the SSL Session can now begin.
In addition to this basic handshaking protocol, messages can be sent between SSL client and server to indicate certain warning and error conditions. A protocol for changing the crypto algorithm used by the SSL session is also provided by SSL.
It is the SSL handshaking protocol, however, that provides the most insight into the utility of SSL. While the server can authenticate a client by validating the client's public certificate, this does not provide a complete authentication solution. Rather, the fact that key exchange messages are generated by the client using the client's private key enables the server to successfully decrypt information sent by the client to the server. The server thus authenticates that the actual client sent such information based on use of the client's public certificate. The same authentication process applies to the client's authentication of the server. Thus, the server-side SSL process must have a means to access the key store for the server private key during server authentication, and the client must have a means to access the key store for the client private key during client authentication.
A full description of SSL is beyond the scope of this book. But it does help to have a basic understanding of the SSL handshaking protocol as described above. This will enable you to better understand how to construct Java applications that utilize an API to SSL. Such an understanding can help you understand what SSL can and cannot do for you when providing confidential communications between a client and server. For example, based on the basic algorithmic SSL handshaking sequence described earlier, it may be apparent to you how difficult delegation of client identity is via SSL. That is, when using client authentication with SSL, the client's private key, retrieved from a key store, is used on the client-side in the process of generating the key exchange information. Thus, if the SSL client process is acting on behalf of another actual user process, the SSL client would have to have the private key of the actual user process. This is of course unacceptable in many situations.
Thus, while most people think of authentication as the means by which users authenticate themselves with a server process in order to perform security-critical operations, intermediate processes that must present themselves to the server on behalf of the end user may find it difficult to do so using SSL. More often than not, when using SSL for providing confidentiality between a client and server, the authentication that takes place is to authenticate the two end processes involved with the SSL session. A higher-level authentication process may actually be implemented above SSL in order for an SSL client to delegate end user process identity to the SSL server. For more information on SSL, check out http://www.assuredtech.com/resources/ssl.
The Java Secure Socket Extension (JSSE) provides a standard API to secure socket protocols such as SSL. The JSSE also supports an API to the Transport Layer Security (TLS) secure socket protocol. These are the specific protocol versions that are supported:
SSL version 2 and 3
TLS version 1
These versions are supported only by virtue of the JSSE API. At the time of this writing, Sun provided a reference implementation for only a subset of these protocols (SSL v3 and TLS v1). As with the other security extensions, the JSSE architecture follows the same adapter model of providing an API and a service provider interface for different underlying implementations to plug into the JSSE. The JSSE v1.0 download is available at http://java.sun.com/products/jsse/.
The following packages compose the JSSE v1.0 architecture:
javax.net.ssl: This package contains the set of core classes and interfaces for the JSSE APIs.javax.net: This package is not specific to the JSSE, but it is needed to support basic client socket and server socket factory functionality.javax.security.cert: This package is also not specific to the JSSE, but it is needed to support basic certificate management functionality.
The JSSE class architecture is primarily useful for its encapsulation of SSL socket and SSL server socket objects and factories. SSL session handles can also be useful. Finally, the SSL binding and handshake event and listener APIs are also provided. Figure 9.1 depicts this core architecture of the JSSE. Note that, in order to keep the overview discussion brief, overloaded methods or method signatures are not shown in this diagram. The following list describes the role of each major API class or interface in the JSSE architecture:
SSLSocket: A socket that supports SSL, TLS, and WTLS secure socket protocolsSSLServerSocket: A server socket that supports SSL, TLS, and WTLS secure socket protocolsSSLServerSocketFactory: A factory forSSLServerSocketobjectsSSLSession: An interface to an object encapsulating an SSL sessionSSLSessionContext: An interface to an object encapsulating a collection of SSL sessions identified with a session IDSSLBindingEvent: An event class encapsulating SSL session binding and unbinding eventsSSLBindingListener: A listener interface implemented by objects wanting to be made aware of SSL session binding and unbinding eventsHandshakeCompletedEvent: An event class encapsulating the fact that an SSL handshake has completedHandshakeCompletedListener: A listener interface implemented by objects wanting to be made aware of SSL handshake completion events
Thus, as you can see, the basic JSSE architecture is rather simple and yet provides a core suite of API abstractions necessary for tapping the functionality of SSL from within Java applications. The remainder of this chapter will describe the most important JSSE API abstractions in more detail and demonstrate how to use them in your applications. Note however that at the time of this writing, the JSSE API was still fairly young in its version 1.0 release form. Thus, the chapter discussion focuses on the core JSSE APIs and most commonly used interfaces for immediate practical API usage. Additional vendor-specific SSL library interfaces may still be utilized by Java JSSE API developers in actual real-world implementations.
As with other Java 2 security and JCA means for configuring security module providers for use by a particular JVM instance, the JSSE follows the same provider configuration scheme. That is, a JSSE provider can be configured for use with a JVM instance by configuring an entry in the [JRE_HOME]libsecurityjava.security file. A security.provider.x entry in that file can be modified or added to reference a particular security provider. For example, you might have
security.provider.1=com.assuredtech.security.SSLProvider
Similarly, a security provider might also be configured for use with a JVM instance from within a static method call to the java.security.Security class as exemplified here:
// Add new instance of a JSSE provider
java.security.Provider provider
= new com.sun.net.ssl.internal.ssl.Provider();
java.security.Security.addProvider(provider);
The provider class name used for this example is simply the default SSL provider that comes equipped with the downloaded JSSE reference implementation. The end-to-end SSL client and server example that is built up throughout this chapter in fact assumes that your SSL client and SSL server have established the default security provider during startup as shown above. The default provider implementation packaged with the JSSE reference implementation provides support for SSL v3 and TLS v1. The default implementation also provides support for RSA encryption used in generating signatures, support for PKCS12 key stores, X.509 key management functionality for loading authentication keys from a key store, and X.509 trust management functionality for chaining of certificates.
Creating SSL server sockets can be as simple as creating regular Java TCP/IP server sockets. SSL server socket abstractions provide additional hooks, however, to manipulate the security and SSL-related operation characteristics of SSL socket connections. SSL cipher parameters, authentication properties, and handshaking management are also exposed by the SSL abstractions. Although standard APIs exist for creating SSL server sockets using standard SSL server socket factories, the means by which handles to SSL server socket factories are obtained can be JSSE provider-specific.
In this section, we explore the most basic steps for creating JSSE SSL server socket factories, creating SSL server sockets, and blocking for SSL client socket requests in the context of an example SSL server. Manipulation of such sockets is then most often implemented just as regular java.net TCP/IP sockets are manipulated.
The JSSE uses the concept of socket factories to create handles to SSL sockets. The javax.net.ServerSocketFactory class is an abstract class used to create generic server sockets. It is subclassed by the javax.net.ssl.SSLServerSocketFactory abstract class to create SSL server socket handles. A handle to a default server socket provided by the JSSE provider can be yielded with the following static method call:
javax.net.ssl.SSLServerSocketFactory sslServerSocket
= SSLServerSocketFactory.getDefault();
The default server socket factory class name is identified in the [JRE_HOME]libsecurityjava.security file for your Java runtime environment using the ssl.ServerSocketFactory.provider property name as exemplified here:
ssl.ServerSocketFactory.provider=com.assuredtech.ssl.ServerSocketFactoy
Additionally, JSSE providers will often provide vendor-specific ways to obtain handles to SSLServerSocketFactory objects so that server authentication information can be provided.
For example, the JSSE reference implementation provides a com.sun.net.ssl.SSLContext class that can be used to obtain handles to concrete SSLServerSocketFactory implementation objects after proper initialization. Before you can use the reference implementation's SSLContext object to obtain such an SSL server socket factory, you must take a number of steps to configure the SSL server socket with particular security and operational properties.
The standard JCA java.security.KeyStore object is first used to obtain a handle to a stored collection of server certificates and keys. For example, a KeyStore object is created using the JCA-provided JKS key store type with a samplestore key store file name, and it is loaded using a SAMPLESTOREPASS password via the following sample block of code:
// Get and load standard KeyStore
java.security.KeyStore keyStore = null;
try{
// Get key store instance
String keyStoreType = "JKS";
keyStore = KeyStore.getInstance(keyStoreType);
// Create key store file stream
String keyStoreFileName = "samplestore";
FileInputStream fileInputStream
= new FileInputStream(keyStoreFileName);
// Load keys store from file stream given a password
String keyStorePassword = "SAMPLESTOREPASS";
char[] keyStorePassordInChars = keyStorePassword.toCharArray();
keyStore.load(fileInputStream, keyStorePassordInChars);
}
catch(NoSuchAlgorithmException noAlgorithmEx){
noAlgorithmEx.printStackTrace();
}
catch(FileNotFoundException fileNotFoundException){
fileNotFoundException.printStackTrace();
}
catch(IOException ioException){
ioException.printStackTrace();
}
catch(KeyStoreException keyStoreException){
keyStoreException.printStackTrace();
}
catch(CertificateException certificateException){
certificateException.printStackTrace();
}
A special JSSE reference implementation-specific collection of key managers is then created using the JCA KeyStore object. This object is used to manage the keys employed during the SSL authentication process. For example, a collection of X509-based key managers is created using the com.sun.net.ssl.KeyManager class as shown here:
// Get reference implementation key managers given key store
com.sun.net.ssl.KeyManager[] keyManagers = null;
try{
// Create a key manager factory given an algorithm
String keyManagerAlgorithm = "SunX509";
com.sun.net.ssl.KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(keyManagerAlgorithm);
// Initialize key manager factory with password and key store
String keyManagerPassword = "SAMPLEKEYPASS";
keyManagerFactory.init(keyStore , keyManagerPassword.toCharArray());
// Get key managers from the factory
keyManagers = keyManagerFactory.getKeyManagers();
}
catch(NoSuchAlgorithmException noAlgorithmEx){
noAlgorithmEx.printStackTrace();
}
catch(UnrecoverableKeyException unrecoverableKeyException){
unrecoverableKeyException.printStackTrace();
}
catch(KeyStoreException keyStoreException){
keyStoreException.printStackTrace();
}
The JSSE reference implementation also uses trust manager objects to implement trusted remote process decisions employed during SSL authentication. For example, a collection of com.sun.net.ssl.TrustManager objects can be created as follows:
// Get reference implementation trust managers
com.sun.net.ssl.TrustManager[] trustedManagers = null;
try{
// Create trust manager factory
String trustManagerAlgorithm = "SunX509";
com.sun.net.ssl.TrustManagerFactory trustManagerFactory
= TrustManagerFactory.getInstance(trustManagerAlgorithm);
// Initialize trust manager factory
trustManagerFactory.init(keyStore);
// Get trust managers
trustedManagers = trustManagerFactory.getTrustManagers();
}
catch(NoSuchAlgorithmException noAlgorithmEx){
noAlgorithmEx.printStackTrace();
}
catch(KeyStoreException keyStoreException){
keyStoreException. printStackTrace();
}
The standard JCA java.security.SecureRandom
class for generating random seed values is also utilized during initialization of the JSSE's reference implementation SSLContext object. A SecureRandom object can be created as follows:
// Get secure random value
java.security.SecureRandom secureRandom = null;
try{
// Create secure random instance given an algorithm and provider
String secureRandomAlgorithm = "SHA1PRNG";
String secureRandomProvider = "SUN";
secureRandom = SecureRandom.getInstance(secureRandomAlgorithm,
secureRandomProvider);
}
catch(NoSuchProviderException noProviderEx){
noProviderEx.printStackTrace();
}
catch(NoSuchAlgorithmException noAlgorithmEx){
noAlgorithmEx.printStackTrace();
}
Now that we have handles to KeyManager objects, TrustManager objects, and a SecureRandom object, the SSLContext object can be created and initialized. Such objects used during initialization of the SSLContext object will also be used subsequently to initialize the security and operational qualities of the SSLServerSocketFactory. The creation and initialization of the JSSE reference implementation specific SSLContext object are demonstrated here:
// Get and initialize reference implementation SSL context
// given key managers, trust managers, and a secure random value
com.sun.net.ssl.SSLContext sslContext = null;
try{
// Create an SSL context given a context provider
String sslContextProvider = "SUN";
sslContext = SSLContext.getInstance(sslContextProvider);
// Initialize SSL context
sslContext.init(keyManagers, trustedManagers, secureRandom);
}
catch(NoSuchAlgorithmException noAlgorithmEx){
noAlgorithmEx.printStackTrace();
}
catch(KeyManagementException keyManagementEx){
keyManagementEx. printStackTrace();
}
We can now obtain a handle to the standard JSSE SSLServerSocketFactory object. Using SSLContext, the SSLServerSocketFactory handle is obtained as follows:
Creating handles to SSL server sockets using the SSLServerSocketFactory object can be performed in one of three ways. The SSLServerSocketFactory object's base ServerSocketFactory class has three standard createServerSocket() methods defined. These return handles to java.net.ServerSocket objects. When you are using a SSLServerSocketFactory subclass, the returned server sockets will actually be subclasses of the abstract javax.net.ssl.SSLServerSocket class.
The three types of createServerSocket() method can take one of the following:
An SSL port number, returning server sockets on the local host
An SSL port number and connection backlog number
A port number, backlog number, and specified network interface
InetAddress
For example, to create a handle to an SSLServerSocket using a port number of 9000 on the local host, use
After an SSL server socket has been created, SSL server sockets listen for SSL client requests in the same way that regular server sockets listen for socket client requests. That is, the SSLServerSocket class's accept() method is used to block for client requests and returns an instance of a java.net.Socket object representing the socket connection with the requesting client. By casting this object to the javax.net.ssl.SSLSocket abstract subclass of Socket, special SSL-related socket manipulation operations will be exposed to the SSL server socket.
For example, if you use the SSLServerSocket object created earlier to block for client requests and hand off returned SSLSocket objects to a special thread handler, you might utilize the following code:
try{
// Enter server loop to wait for client requests and then
// hand off client sockets handles to special handler threads
while(true){
// Block waiting for client requests
javax.net.ssl.SSLSocket clientSocket
= (SSLSocket) sslServerSocket.accept();
// Hand off SSLSocket to special runnable handler thread
MyHandler handlerThread = new MyHandler(clientSocket);
// Start the special handler thread
handlerThread.start();
}
}
catch(IOException ioEx){
ioEx.printStackTrace();
System.exit(0);
}
The thread handler may then handle client requests using socket calls from the java.net package and I/O stream handling from the java.io package as usual without any cognizance of SSL specifics. As an example, the MyHandler thread class may implement its run() method as follows:
public class MyHandler extends Thread
{
private Socket sslSocket;
private InputStream remoteInStream;
private OutputStream remoteOutStream ;
...
public MyHandler(SSLSocket sslSocket) throws IOException
{
// Set client socket handle and get IO streams
this.sslSocket = sslSocket;
this.remoteOutStream = sslSocket.getOutputStream();
this.remoteInStream = sslSocket.getInputStream();
}
public void run()
{
try {
...
// Create a data input stream
DataInputStream inputStream = new DataInputStream(remoteInStream);
// Read a line from the input stream
String readLine = null;
while( (readLine = inputStream.readLine()) == null){
System.out.println(readLine);
} ;
// Read another line
readLine = inputStream.readLine();
System.out.println(readLine);
...
}
catch (IOException ioException) {
ioException. printStackTrace();
}
}
The need for clients to authenticate themselves to SSL servers can also be established on the server side. The SSLServerSocket.setNeedClientAuth(boolean flag) method call is used by SSL servers to indicate whether clients must supply certificates during the creation of new connections with the server. The SSLServerSocket.getNeedClientAuth() call returns a boolean value indicating whether client authentication is required after such a value has been set.
If client authentication is required, the SSL client will have to provide certificate information to the SSL server. When using JSSE on the client-side, the client authentication steps are accomplished primarily using vendor-specific means. The vendor-specific means for providing such information will most likely be similar to the means that JSSE SSL servers use to obtain handles to JSSE SSL server socket factories. (That method is shown earlier in this section).
The creation of SSL sockets from client to server is also a very simple task using JSSE. Clients must first obtain handles to SSL socket factories. These handles are obtained in the same way as SSL servers obtain handles to SSL server socket factories. Creation of SSL client sockets is then accomplished using one of a few very simple socket-creation calls. SSL sockets are then used much as regular Java Socket objects are used to communicate with a remote server. This section describes how to obtain SSL socket factory objects and how to create SSL socket objects using JSSE.
Akin to the way in which SSL servers obtain handles to SSL server socket factories, SSL clients obtain handles to SSL socket factories. The abstract javax.net.ssl.SSLSocketFactory class extends the javax.net.SocketFactory class to return SSL socket handles for clients. JSSE providers might provide vendor-specific mechanisms for obtaining SSLSocketFactory handles, or a client might obtain a handle to the default SSLSocketFactory configured for that client's environment.
The vendor-specific means for obtaining an SSLSocketFactory handle using the JSSE reference implementation is nearly identical to the creation of SSLServerSocketFactory handles. The only key difference is that the following sample SSLContext call is made after establishing all security and operational parameters:
SSLContext sslContext = SSLContext.getInstance("SUN");;
...
// Establish parameters and initialize SSLContext
...
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
Alternatively, a default SSLSocketFactory can be configured for the client's environment in the [JRE_HOME]libsecurityjava.security file's ssl.SocketFactory.provider property as follows:
ssl.ServerFactory.provider=com.assuredtech.ssl.SocketFactory
From within the client code, the following standard JSSE call can then be made:
After an SSLSocketFactory is obtained, a client can then use one of a few simple means for creating a handle to an javax.net.ssl.SSLSocket object. A java.net.Socket object is returned using one of four calls defined at the base SocketFactory level:
createSocket(String host, int port): Creates aSocketgiven a remote host and port number.createSocket(InetAddress host, int port): Creates aSocketgiven a remote host and port number.createSocket(String host, int port, InetAddress clientHost, int clientPort): Creates aSocketgiven a remote host and port number in addition to a client-side host and port number.createSocket(InetAddress host, int port, InetAddress clientHost, int clientPort): Creates aSocketgiven a remote host and port number in addition to a client-side host and port number.
Additionally, the SSLSocketFactory subclass of SocketFactory defines another createSocket() method that creates a Socket wrapped around an existing Socket. In addition to an existing Socket handle, a remote server host String, a remote port number, and a boolean value are provided to indicate whether to close the wrapped socket when the newly created Socket is closed. The signature of this method is createSocket(Socket wrappedSocket, String host, int portNumber, boolean autoClose).
As a final note, when you are creating SSLSocket objects, they must be cast from the signature java.net.Socket type as exemplified here:
// Set remote host and port number
String host = "111.111.111.111";
String portNumber = 9000;
// Create an SSLSocket to a remote server
SSLSocket sslSocket
= (SSLSocket) sslSocketFactory.createSocket(host, portNumber);
Use of SSLSocket objects on the client side then proceeds as usual with the base Socket class. All encryption and decryption via SSL occur transparently to the client when InputStream and OutputStream objects are used to receive and send data respectively.
An SSL session represents a communications session between two threads. Data communicated between such entities engaged in an SSL session can be exchanged over different physical connections during the lifetime of the session. Likewise, an SSL connection might allow more than one session to utilize the established SSL connection.
On the server side, the capability to create SSL sessions associated with an SSL server socket can be established using the SSLServerSocket.setEnableSessionCreation(boolean flag) method. The boolean value passed into such a method of course indicates true if SSL sessions are allowed to be created on the server socket connection. The SSLServerSocket.getEnableSessionCreation() method call returns a boolean value to determine if the SSL server socket enables session creation. The same two methods exist on the SSLSocket object as well. In addition to such methods, the SSLSocket object also provides a getSession() method to return an SSLSession object used by the current connection. The SSLSession.invalidate() method is used to invalidate sessions and, thus, prevent other connections from using the current SSL session.
The javax.net.ssl.SSLSession interface provides a means by which objects can be bound to a session using a String name and for removing and retrieving such objects via the following methods:
void putValue(String name, Object value): Binds the named object to the session.void removeValue(String name): Removes the bound named object from the session.Object getValue(String name): Returns a handle to an object bound with an associated name to this session.String[] getValueNames(): Returns a collection ofStringnames for those objects bound to this session.
Additionally, SSLSession defines a number of other getters related to attributes of the SSL session:
String getPeerHost(): Returns the host name for the remote session peer.X509Certificate[] getPeerCertificateChain(): Returns a chain of certificates associated with the remote peer of this session.String getCipherSuite(): Returns a name for the SSL cipher suite used by this session.long getCreationTime(): Returns alongvalue representation of when the session was created, measured in milliseconds since January 1, 1970.long getLastAccessedTime(): Returns alongvalue representation of when the session was last used, measured in milliseconds since January 1, 1970.SSLSessionContext getSessionContext(): Returns a handle to the context for the session.
The javax.net.ssl.SSLSessionContext interface simply serves as a collection of SSLSession objects that are associated with a particular entity. The SSLSessionContext interface defines a getIds() method to return an Enumeration of all session IDs associated with the SSL context. The SSLSessionContext interface also defines a getSession (byte[] sessionID) method to return an SSLSession identified by the session ID byte array.
SSL is a popular means for encrypting traffic between clients and servers. SSL sessions are encrypted using server-side certificate information and can also, optionally, require clients to authenticate themselves. JSSE provides a standard API for encapsulating the SSL protocol for use by SSL clients and servers. JSSE providers plug their specific SSL implementations beneath the JSSE standard API. By using JSSE in your Java applications, you can better insulate your applications to vendor-specific SSL API mechanisms. Although this is generally true, a vendor-specific method for configuring socket factories and authentication information is still required for JSSE v1.0.