public class SslContextFactory extends AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_KEYMANAGERFACTORY_ALGORITHM |
static String |
DEFAULT_KEYSTORE_PATH
Default value for the keystore location path.
|
static String |
DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM |
static String |
KEYPASSWORD_PROPERTY
String name of key password property.
|
static String |
PASSWORD_PROPERTY
String name of keystore password property.
|
static TrustManager[] |
TRUST_ALL_CERTS |
Constructor and Description |
---|
SslContextFactory()
Construct an instance of SslContextFactory
Default constructor for use in XmlConfiguration files
|
SslContextFactory(boolean trustAll)
Construct an instance of SslContextFactory
Default constructor for use in XmlConfiguration files
|
SslContextFactory(String keyStorePath)
Construct an instance of SslContextFactory
|
Modifier and Type | Method and Description |
---|---|
void |
addExcludeCipherSuites(String... cipher) |
void |
addExcludeProtocols(String... protocol) |
void |
checkKeyStore()
Check KeyStore Configuration.
|
protected void |
checkNotStarted()
Check if the lifecycle has been started and throw runtime exception
|
void |
customize(SSLEngine sslEngine) |
protected void |
doStart()
Create the SSLContext object and start the lifecycle
|
protected void |
doStop() |
String |
getCertAlias() |
String |
getCrlPath() |
String[] |
getExcludeCipherSuites() |
String[] |
getExcludeProtocols() |
String[] |
getIncludeCipherSuites() |
String[] |
getIncludeProtocols() |
protected KeyManager[] |
getKeyManagers(KeyStore keyStore) |
protected KeyStore |
getKeyStore(InputStream storeStream,
String storePath,
String storeType,
String storeProvider,
String storePassword)
Deprecated.
|
String |
getKeyStorePath() |
String |
getKeyStoreProvider() |
String |
getKeyStoreType() |
int |
getMaxCertPathLength() |
boolean |
getNeedClientAuth() |
String |
getOcspResponderURL() |
String |
getProtocol() |
String |
getProvider() |
String |
getSecureRandomAlgorithm() |
SSLContext |
getSslContext() |
String |
getSslKeyManagerFactoryAlgorithm() |
int |
getSslSessionCacheSize()
Get SSL session cache size.
|
int |
getSslSessionTimeout()
Get SSL session timeout.
|
String |
getTrustManagerFactoryAlgorithm() |
protected TrustManager[] |
getTrustManagers(KeyStore trustStore,
Collection<? extends CRL> crls) |
String |
getTrustStore() |
String |
getTrustStoreProvider() |
String |
getTrustStoreType() |
boolean |
getWantClientAuth() |
boolean |
isEnableCRLDP() |
boolean |
isEnableOCSP() |
boolean |
isSessionCachingEnabled() |
boolean |
isTrustAll() |
boolean |
isValidateCerts() |
boolean |
isValidatePeerCerts() |
protected Collection<? extends CRL> |
loadCRL(String crlPath)
Loads certificate revocation list (CRL) from a file.
|
protected KeyStore |
loadKeyStore()
Override this method to provide alternate way to load a keystore.
|
protected KeyStore |
loadTrustStore()
Override this method to provide alternate way to load a truststore.
|
SSLEngine |
newSSLEngine() |
SSLEngine |
newSSLEngine(InetSocketAddress address) |
SSLEngine |
newSSLEngine(String host,
int port) |
SSLServerSocket |
newSslServerSocket(String host,
int port,
int backlog) |
SSLSocket |
newSslSocket() |
String[] |
selectCipherSuites(String[] enabledCipherSuites,
String[] supportedCipherSuites)
Select cipher suites to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported cipher suite lists.
|
String[] |
selectProtocols(String[] enabledProtocols,
String[] supportedProtocols)
Select protocols to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported protocols.
|
void |
setCertAlias(String certAlias) |
void |
setCrlPath(String crlPath) |
void |
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support
|
void |
setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support
|
void |
setExcludeCipherSuites(String... cipherSuites) |
void |
setExcludeProtocols(String... protocols) |
void |
setIncludeCipherSuites(String... cipherSuites) |
void |
setIncludeProtocols(String... protocols) |
void |
setKeyManagerPassword(String password) |
void |
setKeyStore(KeyStore keyStore)
Set the key store.
|
void |
setKeyStorePassword(String password) |
void |
setKeyStorePath(String keyStorePath) |
void |
setKeyStoreProvider(String keyStoreProvider) |
void |
setKeyStoreResource(Resource resource)
Set the key store resource.
|
void |
setKeyStoreType(String keyStoreType) |
void |
setMaxCertPathLength(int maxCertPathLength) |
void |
setNeedClientAuth(boolean needClientAuth) |
void |
setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder.
|
void |
setProtocol(String protocol) |
void |
setProvider(String provider) |
void |
setSecureRandomAlgorithm(String algorithm) |
void |
setSessionCachingEnabled(boolean enableSessionCaching)
Set the flag to enable SSL Session caching.
|
void |
setSslContext(SSLContext sslContext) |
void |
setSslKeyManagerFactoryAlgorithm(String algorithm) |
void |
setSslSessionCacheSize(int sslSessionCacheSize)
Set SSL session cache size.
|
void |
setSslSessionTimeout(int sslSessionTimeout)
Set SSL session timeout.
|
void |
setTrustAll(boolean trustAll) |
void |
setTrustManagerFactoryAlgorithm(String algorithm) |
void |
setTrustStore(KeyStore trustStore)
Set the trust store.
|
void |
setTrustStorePassword(String password) |
void |
setTrustStorePath(String trustStorePath) |
void |
setTrustStoreProvider(String trustStoreProvider) |
void |
setTrustStoreResource(Resource resource)
Set the trust store resource.
|
void |
setTrustStoreType(String trustStoreType) |
void |
setValidateCerts(boolean validateCerts) |
void |
setValidatePeerCerts(boolean validatePeerCerts) |
void |
setWantClientAuth(boolean wantClientAuth) |
String |
toString() |
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, setStopTimeout, start, stop
public static final TrustManager[] TRUST_ALL_CERTS
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_KEYSTORE_PATH
public static final String KEYPASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
public SslContextFactory()
public SslContextFactory(boolean trustAll)
trustAll
- whether to blindly trust all certificates
See also: setTrustAll(boolean)
public SslContextFactory(String keyStorePath)
keyStorePath
- default keystore location
protected void doStart() throws Exception
doStart
in class AbstractLifeCycle
Exception
AbstractLifeCycle.doStart()
protected void doStop() throws Exception
doStop
in class AbstractLifeCycle
Exception
public String[] getExcludeProtocols()
SSLEngine.setEnabledProtocols(String[])
public void setExcludeProtocols(String... protocols)
protocols
- The array of protocol names to exclude from
SSLEngine.setEnabledProtocols(String[])
public void addExcludeProtocols(String... protocol)
protocol
- Protocol names to add to SSLEngine.setEnabledProtocols(String[])
public String[] getIncludeProtocols()
SSLEngine.setEnabledProtocols(String[])
public void setIncludeProtocols(String... protocols)
protocols
- The array of protocol names to include in
SSLEngine.setEnabledProtocols(String[])
public String[] getExcludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setExcludeCipherSuites(String... cipherSuites)
cipherSuites
- The array of cipher suite names to exclude from
SSLEngine.setEnabledCipherSuites(String[])
public void addExcludeCipherSuites(String... cipher)
cipher
- Cipher names to add to SSLEngine.setEnabledCipherSuites(String[])
public String[] getIncludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setIncludeCipherSuites(String... cipherSuites)
cipherSuites
- The array of cipher suite names to include in
SSLEngine.setEnabledCipherSuites(String[])
public String getKeyStorePath()
public void setKeyStorePath(String keyStorePath)
keyStorePath
- The file or URL of the SSL key store.
public String getKeyStoreProvider()
public void setKeyStoreProvider(String keyStoreProvider)
keyStoreProvider
- The provider of the key store
public String getKeyStoreType()
public void setKeyStoreType(String keyStoreType)
keyStoreType
- The type of the key store (default "JKS")
public String getCertAlias()
public void setCertAlias(String certAlias)
certAlias
- Alias of the SSL certificate for the connector
public String getTrustStore()
public void setTrustStorePath(String trustStorePath)
trustStorePath
- The file name or URL of the trust store location
public String getTrustStoreProvider()
public void setTrustStoreProvider(String trustStoreProvider)
trustStoreProvider
- The provider of the trust store
public String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
trustStoreType
- The type of the trust store (default "JKS")
public boolean getNeedClientAuth()
SSLEngine.getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
needClientAuth
- True if SSL requires client authentication (the handshake fails if the client presents no certificate).
See also: SSLEngine.getNeedClientAuth()
public boolean getWantClientAuth()
SSLEngine.getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
wantClientAuth
- True if SSL requests, but does not require, client authentication.
See also: SSLEngine.getWantClientAuth()
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts
- true if the SSL certificates have to be validated
public boolean isValidatePeerCerts()
public void setValidatePeerCerts(boolean validatePeerCerts)
validatePeerCerts
- true if the SSL certificates presented by the peer have to be validated
public void setKeyStorePassword(String password)
password
- The password for the key store
public void setKeyManagerPassword(String password)
password
- The password (if any) for the specific key within the key store
public void setTrustStorePassword(String password)
password
- The password for the trust store
public String getProvider()
SSLContext.getInstance(String, String)
public void setProvider(String provider)
provider
- The SSL provider name, which if set is passed to
SSLContext.getInstance(String, String)
public String getProtocol()
SSLContext.getInstance(String, String)
public void setProtocol(String protocol)
protocol
- The SSL protocol (default "TLS") passed to
SSLContext.getInstance(String, String)
public String getSecureRandomAlgorithm()
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public void setSecureRandomAlgorithm(String algorithm)
algorithm
- The algorithm name, which if set is passed to
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public String getSslKeyManagerFactoryAlgorithm()
KeyManagerFactory
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the KeyManagerFactory
public String getTrustManagerFactoryAlgorithm()
TrustManagerFactory
public boolean isTrustAll()
public void setTrustAll(boolean trustAll)
trustAll
- True if all certificates should be trusted when there is no KeyStore or TrustStore (no peer certificate validation is performed)
public void setTrustManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the TrustManagerFactory.
Use the string "TrustAll" to install a trust manager that trusts all certificates.
public String getCrlPath()
public void setCrlPath(String crlPath)
crlPath
- Path to the file that contains the Certificate Revocation List
public int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength
- maximum number of intermediate certificates in the certification path (-1 for unlimited)
public SSLContext getSslContext()
public void setSslContext(SSLContext sslContext)
sslContext
- a preconfigured SSLContext to use
protected KeyStore loadKeyStore() throws Exception
Exception
- if the keystore cannot be loaded
protected KeyStore loadTrustStore() throws Exception
Exception
- if the truststore cannot be loaded
@Deprecated protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
storeStream
- keystore input stream
storePath
- path of the keystore file
storeType
- keystore type
storeProvider
- keystore provider
storePassword
- keystore password
Exception
- if the keystore cannot be obtained
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
crlPath
- path of the certificate revocation list file
Exception
- if the certificate revocation list cannot be loaded
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
Exception
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
Exception
public void checkKeyStore()
IllegalStateException
- if the SslContextFactory configuration can't be used.
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
enabledProtocols
- Array of enabled protocols
supportedProtocols
- Array of supported protocols
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
enabledCipherSuites
- Array of enabled cipher suites
supportedCipherSuites
- Array of supported cipher suites
protected void checkNotStarted()
public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP
- true turns CRL Distribution Points support on, false turns it off
public boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP
- true turns OCSP support on, false turns it off
public String getOcspResponderURL()
public void setOcspResponderURL(String ocspResponderURL)
ocspResponderURL
- location of the OCSP Responder
public void setKeyStore(KeyStore keyStore)
keyStore
- the key store to set
public void setTrustStore(KeyStore trustStore)
trustStore
- the trust store to set
public void setKeyStoreResource(Resource resource)
resource
- the key store resource to set
public void setTrustStoreResource(Resource resource)
resource
- the trust store resource to set
public boolean isSessionCachingEnabled()
public void setSessionCachingEnabled(boolean enableSessionCaching)
enableSessionCaching
- true to enable SSL session caching, false to disable it
public int getSslSessionCacheSize()
public void setSslSessionCacheSize(int sslSessionCacheSize)
sslSessionCacheSize
- SSL session cache size to set
public int getSslSessionTimeout()
public void setSslSessionTimeout(int sslSessionTimeout)
sslSessionTimeout
- SSL session timeout to set
public SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException
IOException
public SSLSocket newSslSocket() throws IOException
IOException
public SSLEngine newSSLEngine()
public void customize(SSLEngine sslEngine)
public SSLEngine newSSLEngine(InetSocketAddress address)