java.lang.Object org.eclipse.jetty.util.component.AbstractLifeCycle org.eclipse.jetty.http.ssl.SslContextFactory
public class SslContextFactory
SslContextFactory is used to configure SSL connectors as well as HttpClient. It holds all SSL parameters and creates an SSL context from these parameters for use by the SSL connectors.
Nested Class Summary |
---|
Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
---|
AbstractLifeCycle.AbstractLifeCycleListener |
Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle |
---|
LifeCycle.Listener |
Field Summary | |
---|---|
static String |
DEFAULT_KEYMANAGERFACTORY_ALGORITHM
|
static String |
DEFAULT_KEYSTORE_PATH
Default value for the keystore location path. |
static String |
DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
|
static String |
KEYPASSWORD_PROPERTY
String name of key password property. |
static String |
PASSWORD_PROPERTY
String name of keystore password property. |
Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
---|
_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING |
Constructor Summary | |
---|---|
SslContextFactory()
Construct an instance of SslContextFactory. Default constructor for use in XmlConfiguration files. |
|
SslContextFactory(String keyStorePath)
Construct an instance of SslContextFactory |
Method Summary | |
---|---|
boolean |
checkConfig()
Check configuration. |
protected void |
checkStarted()
Check whether the lifecycle has been started and throw a runtime exception if it has |
protected void |
createSSLContext()
|
protected void |
doStart()
Create the SSLContext object and start the lifecycle |
String |
getCertAlias()
|
String |
getCrlPath()
|
String[] |
getExcludeCipherSuites()
|
String[] |
getIncludeCipherSuites()
|
protected KeyManager[] |
getKeyManagers(KeyStore keyStore)
|
String |
getKeyStore()
|
protected KeyStore |
getKeyStore(InputStream storeStream,
String storePath,
String storeType,
String storeProvider,
String storePassword)
Loads the keystore from an input stream or a file path, in that order of precedence. |
InputStream |
getKeyStoreInputStream()
Get the _keyStoreInputStream. |
String |
getKeyStoreProvider()
|
String |
getKeyStoreType()
|
int |
getMaxCertPathLength()
|
boolean |
getNeedClientAuth()
|
String |
getOcspResponderURL()
|
String |
getProtocol()
|
String |
getProvider()
|
String |
getSecureRandomAlgorithm()
|
SSLContext |
getSslContext()
|
String |
getSslKeyManagerFactoryAlgorithm()
|
String |
getTrustManagerFactoryAlgorithm()
|
protected TrustManager[] |
getTrustManagers(KeyStore trustStore,
Collection<? extends CRL> crls)
|
String |
getTrustStore()
|
InputStream |
getTrustStoreInputStream()
Get the _trustStoreInputStream. |
String |
getTrustStoreProvider()
|
String |
getTrustStoreType()
|
boolean |
getValidateCerts()
Deprecated. |
boolean |
getWantClientAuth()
|
boolean |
isAllowRenegotiate()
|
boolean |
isEnableCRLDP()
|
boolean |
isEnableOCSP()
|
boolean |
isValidateCerts()
|
protected Collection<? extends CRL> |
loadCRL(String crlPath)
Loads certificate revocation list (CRL) from a file. |
String[] |
selectCipherSuites(String[] enabledCipherSuites,
String[] supportedCipherSuites)
Select cipher suites to be used by the connector based on configured inclusion and exclusion lists as well as enabled and supported cipher suite lists. |
void |
setAllowRenegotiate(boolean allowRenegotiate)
Set if SSL re-negotiation is allowed. |
void |
setCertAlias(String certAlias)
|
void |
setCrlPath(String crlPath)
|
void |
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support |
void |
setEnableOCSP(boolean enableOCSP)
Enables Online Certificate Status Protocol (OCSP) support |
void |
setExcludeCipherSuites(String[] cipherSuites)
|
void |
setIncludeCipherSuites(String[] cipherSuites)
|
void |
setKeyManagerPassword(String password)
|
void |
setKeyStore(String keyStorePath)
|
void |
setKeyStoreInputStream(InputStream keyStoreInputStream)
Set the keyStoreInputStream. |
void |
setKeyStorePassword(String password)
|
void |
setKeyStoreProvider(String keyStoreProvider)
|
void |
setKeyStoreType(String keyStoreType)
|
void |
setMaxCertPathLength(int maxCertPathLength)
|
void |
setNeedClientAuth(boolean needClientAuth)
|
void |
setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder. |
void |
setProtocol(String protocol)
|
void |
setProvider(String provider)
|
void |
setSecureRandomAlgorithm(String algorithm)
|
void |
setSslContext(SSLContext sslContext)
|
void |
setSslKeyManagerFactoryAlgorithm(String algorithm)
|
void |
setTrustManagerFactoryAlgorithm(String algorithm)
|
void |
setTrustStore(String trustStorePath)
|
void |
setTrustStoreInputStream(InputStream trustStoreInputStream)
Set the _trustStoreInputStream. |
void |
setTrustStorePassword(String password)
|
void |
setTrustStoreProvider(String trustStoreProvider)
|
void |
setTrustStoreType(String trustStoreType)
|
void |
setValidateCerts(boolean validateCerts)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
---|
addLifeCycleListener, doStop, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_KEYSTORE_PATH
public static final String KEYPASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
Constructor Detail |
---|
public SslContextFactory()
public SslContextFactory(String keyStorePath)
keyStorePath
- default keystore location
Method Detail |
---|
protected void doStart() throws Exception
doStart
in class AbstractLifeCycle
Exception
AbstractLifeCycle.doStart()
public String[] getExcludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setExcludeCipherSuites(String[] cipherSuites)
cipherSuites
- The array of cipher suite names to exclude from
SSLEngine.setEnabledCipherSuites(String[])
public String[] getIncludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setIncludeCipherSuites(String[] cipherSuites)
cipherSuites
- The array of cipher suite names to include in
SSLEngine.setEnabledCipherSuites(String[])
public String getKeyStore()
public void setKeyStore(String keyStorePath)
keyStorePath
- The file or URL of the SSL Key store.
public String getKeyStoreProvider()
public void setKeyStoreProvider(String keyStoreProvider)
keyStoreProvider
- The provider of the key store
public String getKeyStoreType()
public void setKeyStoreType(String keyStoreType)
keyStoreType
- The type of the key store (default "JKS")
public InputStream getKeyStoreInputStream()
public void setKeyStoreInputStream(InputStream keyStoreInputStream)
keyStoreInputStream
- the InputStream to the KeyStore
public String getCertAlias()
public void setCertAlias(String certAlias)
certAlias
- Alias of SSL certificate for the connector
public String getTrustStore()
public void setTrustStore(String trustStorePath)
trustStorePath
- The file name or URL of the trust store location
public String getTrustStoreProvider()
public void setTrustStoreProvider(String trustStoreProvider)
trustStoreProvider
- The provider of the trust store
public String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
trustStoreType
- The type of the trust store (default "JKS")
public InputStream getTrustStoreInputStream()
public void setTrustStoreInputStream(InputStream trustStoreInputStream)
trustStoreInputStream
- the InputStream to the TrustStore
public boolean getNeedClientAuth()
SSLEngine.getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
needClientAuth
- True if SSL needs client authentication.
SSLEngine.getNeedClientAuth()
public boolean getWantClientAuth()
SSLEngine.getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
wantClientAuth
- True if SSL wants client authentication.
SSLEngine.getWantClientAuth()
@Deprecated public boolean getValidateCerts()
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts
- true if SSL certificates have to be validated
public boolean isAllowRenegotiate()
public void setAllowRenegotiate(boolean allowRenegotiate)
allowRenegotiate
- true if re-negotiation is allowed (default false)
public void setKeyStorePassword(String password)
password
- The password for the key store
public void setKeyManagerPassword(String password)
password
- The password (if any) for the specific key within the key store
public void setTrustStorePassword(String password)
password
- The password for the trust store
public String getProvider()
SSLContext.getInstance(String, String)
public void setProvider(String provider)
provider
- The SSL provider name, which if set is passed to
SSLContext.getInstance(String, String)
public String getProtocol()
SSLContext.getInstance(String, String)
public void setProtocol(String protocol)
protocol
- The SSL protocol (default "TLS") passed to
SSLContext.getInstance(String, String)
public String getSecureRandomAlgorithm()
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public void setSecureRandomAlgorithm(String algorithm)
algorithm
- The algorithm name, which if set is passed to
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public String getSslKeyManagerFactoryAlgorithm()
KeyManagerFactory
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the KeyManagerFactory
public String getTrustManagerFactoryAlgorithm()
TrustManagerFactory
public void setTrustManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the TrustManagerFactory
public String getCrlPath()
public void setCrlPath(String crlPath)
crlPath
- Path to the file that contains the Certificate Revocation List
public int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength
- maximum number of intermediate certificates in the certification path (-1 for unlimited)
public SSLContext getSslContext()
public void setSslContext(SSLContext sslContext)
sslContext
- Set a preconfigured SSLContext
protected void createSSLContext() throws Exception
Exception
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
storeStream
- keystore input stream
storePath
- path of keystore file
storeType
- keystore type
storeProvider
- keystore provider
storePassword
- keystore password
Exception
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
crlPath
- path of certificate revocation list file
Exception
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
Exception
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
Exception
public boolean checkConfig()
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
enabledCipherSuites
- Array of enabled cipher suites
supportedCipherSuites
- Array of supported cipher suites
protected void checkStarted()
public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP
- true - turn on, false - turn off
public boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP
- true - turn on, false - turn off
public String getOcspResponderURL()
public void setOcspResponderURL(String ocspResponderURL)
ocspResponderURL
- location of the OCSP Responder