public class SslContextFactory extends AbstractLifeCycle
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Modifier and Type | Field and Description |
---|---|
static String |
DEFAULT_KEYMANAGERFACTORY_ALGORITHM |
static String |
DEFAULT_KEYSTORE_PATH
Default value for the keystore location path.
|
static String |
DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM |
static String |
KEYPASSWORD_PROPERTY
String name of key password property.
If the key password is supplied through a JVM property instead of setKeyManagerPassword(String), note that properties are readable by any code running in the same process and may show up in process listings when passed on the command line.
|
static String |
PASSWORD_PROPERTY
String name of keystore password property.
The same caution as for KEYPASSWORD_PROPERTY applies.
|
static TrustManager[] |
TRUST_ALL_CERTS
A TrustManager array that accepts every certificate chain without validation. Intended for testing only: a connection built with it is open to active man-in-the-middle attacks. See setTrustAll(boolean).
|
_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING
Constructor and Description |
---|
SslContextFactory()
Construct an instance of SslContextFactory
Default constructor for use in XmlConfiguration files
|
SslContextFactory(boolean trustAll)
Construct an instance of SslContextFactory, optionally trusting all certificates.
When trustAll is true, peer certificate validation is disabled if no KeyStore or TrustStore is configured; see setTrustAll(boolean). Not for production use.
|
SslContextFactory(String keyStorePath)
Construct an instance of SslContextFactory
|
Modifier and Type | Method and Description |
---|---|
void |
addExcludeCipherSuites(String... cipher) |
void |
addExcludeProtocols(String... protocol) |
void |
checkKeyStore()
Check KeyStore Configuration.
|
protected void |
checkNotStarted()
Check if the lifecycle has been started and throw runtime exception
|
void |
customize(SSLEngine sslEngine) |
protected void |
doStart()
Create the SSLContext object and start the lifecycle
|
String |
getCertAlias() |
String |
getCrlPath() |
String[] |
getExcludeCipherSuites() |
String[] |
getExcludeProtocols() |
String[] |
getIncludeCipherSuites() |
String[] |
getIncludeProtocols() |
protected KeyManager[] |
getKeyManagers(KeyStore keyStore) |
String |
getKeyStore()
Deprecated.
|
protected KeyStore |
getKeyStore(InputStream storeStream,
String storePath,
String storeType,
String storeProvider,
String storePassword)
Deprecated.
|
InputStream |
getKeyStoreInputStream()
Deprecated.
|
String |
getKeyStorePath() |
String |
getKeyStoreProvider() |
String |
getKeyStoreType() |
int |
getMaxCertPathLength() |
boolean |
getNeedClientAuth() |
String |
getOcspResponderURL() |
String |
getProtocol() |
String |
getProvider() |
String |
getSecureRandomAlgorithm() |
SSLContext |
getSslContext() |
String |
getSslKeyManagerFactoryAlgorithm() |
int |
getSslSessionCacheSize()
Get SSL session cache size.
|
int |
getSslSessionTimeout()
Get SSL session timeout.
|
String |
getTrustManagerFactoryAlgorithm() |
protected TrustManager[] |
getTrustManagers(KeyStore trustStore,
Collection<? extends CRL> crls) |
String |
getTrustStore() |
InputStream |
getTrustStoreInputStream()
Deprecated.
|
String |
getTrustStoreProvider() |
String |
getTrustStoreType() |
boolean |
getValidateCerts()
Deprecated.
|
boolean |
getWantClientAuth() |
boolean |
isAllowRenegotiate() |
boolean |
isEnableCRLDP() |
boolean |
isEnableOCSP() |
boolean |
isSessionCachingEnabled() |
boolean |
isTrustAll() |
boolean |
isValidateCerts() |
boolean |
isValidatePeerCerts() |
protected Collection<? extends CRL> |
loadCRL(String crlPath)
Loads certificate revocation list (CRL) from a file.
|
protected KeyStore |
loadKeyStore()
Override this method to provide alternate way to load a keystore.
|
protected KeyStore |
loadTrustStore()
Override this method to provide alternate way to load a truststore.
|
SSLEngine |
newSslEngine() |
SSLEngine |
newSslEngine(String host,
int port) |
SSLServerSocket |
newSslServerSocket(String host,
int port,
int backlog) |
SSLSocket |
newSslSocket() |
String[] |
selectCipherSuites(String[] enabledCipherSuites,
String[] supportedCipherSuites)
Select cipher suites to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported cipher suite lists.
|
String[] |
selectProtocols(String[] enabledProtocols,
String[] supportedProtocols)
Select protocols to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported protocols.
|
void |
setAllowRenegotiate(boolean allowRenegotiate)
Set if SSL re-negotiation is allowed.
|
void |
setCertAlias(String certAlias) |
void |
setCrlPath(String crlPath) |
void |
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support
|
void |
setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support
|
void |
setExcludeCipherSuites(String... cipherSuites) |
void |
setExcludeProtocols(String... protocols) |
void |
setIncludeCipherSuites(String... cipherSuites) |
void |
setIncludeProtocols(String... protocols) |
void |
setKeyManagerPassword(String password) |
void |
setKeyStore(KeyStore keyStore)
Set the key store.
|
void |
setKeyStore(String keyStorePath)
Deprecated.
|
void |
setKeyStoreInputStream(InputStream keyStoreInputStream)
Deprecated.
|
void |
setKeyStorePassword(String password) |
void |
setKeyStorePath(String keyStorePath) |
void |
setKeyStoreProvider(String keyStoreProvider) |
void |
setKeyStoreResource(Resource resource)
Set the key store resource.
|
void |
setKeyStoreType(String keyStoreType) |
void |
setMaxCertPathLength(int maxCertPathLength) |
void |
setNeedClientAuth(boolean needClientAuth) |
void |
setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder.
|
void |
setProtocol(String protocol) |
void |
setProvider(String provider) |
void |
setSecureRandomAlgorithm(String algorithm) |
void |
setSessionCachingEnabled(boolean enableSessionCaching)
Set the flag to enable SSL Session caching.
|
void |
setSslContext(SSLContext sslContext) |
void |
setSslKeyManagerFactoryAlgorithm(String algorithm) |
void |
setSslSessionCacheSize(int sslSessionCacheSize)
Set SSL session cache size.
|
void |
setSslSessionTimeout(int sslSessionTimeout)
Set SSL session timeout.
|
void |
setTrustAll(boolean trustAll) |
void |
setTrustManagerFactoryAlgorithm(String algorithm) |
void |
setTrustStore(KeyStore trustStore)
Set the trust store.
|
void |
setTrustStore(String trustStorePath) |
void |
setTrustStoreInputStream(InputStream trustStoreInputStream)
Deprecated.
|
void |
setTrustStorePassword(String password) |
void |
setTrustStoreProvider(String trustStoreProvider) |
void |
setTrustStoreResource(Resource resource)
Set the trust store resource.
|
void |
setTrustStoreType(String trustStoreType) |
void |
setValidateCerts(boolean validateCerts) |
void |
setValidatePeerCerts(boolean validatePeerCerts) |
void |
setWantClientAuth(boolean wantClientAuth) |
String |
toString() |
addLifeCycleListener, doStop, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static final TrustManager[] TRUST_ALL_CERTS
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_KEYSTORE_PATH
public static final String KEYPASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
public SslContextFactory()
public SslContextFactory(boolean trustAll)
trustAll
- whether to blindly trust all certificates; see setTrustAll(boolean). Trusting all certificates disables peer validation and must not be used outside of testing.
public SslContextFactory(String keyStorePath)
keyStorePath
- default keystore location
protected void doStart() throws Exception
doStart
in class AbstractLifeCycle
Exception
AbstractLifeCycle.doStart()
public String[] getExcludeProtocols()
SSLEngine.setEnabledProtocols(String[])
public void setExcludeProtocols(String... protocols)
protocols
- The array of protocol names to exclude from
SSLEngine.setEnabledProtocols(String[])
public void addExcludeProtocols(String... protocol)
protocol
- Protocol names to add to SSLEngine.setEnabledProtocols(String[])
public String[] getIncludeProtocols()
SSLEngine.setEnabledProtocols(String[])
public void setIncludeProtocols(String... protocols)
protocols
- The array of protocol names to include in
SSLEngine.setEnabledProtocols(String[])
public String[] getExcludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setExcludeCipherSuites(String... cipherSuites)
cipherSuites
- The array of cipher suite names to exclude from
SSLEngine.setEnabledCipherSuites(String[])
public void addExcludeCipherSuites(String... cipher)
cipher
- Cipher names to add to SSLEngine.setEnabledCipherSuites(String[])
public String[] getIncludeCipherSuites()
SSLEngine.setEnabledCipherSuites(String[])
public void setIncludeCipherSuites(String... cipherSuites)
cipherSuites
- The array of cipher suite names to include in
SSLEngine.setEnabledCipherSuites(String[])
public String getKeyStorePath()
@Deprecated public String getKeyStore()
public void setKeyStorePath(String keyStorePath)
keyStorePath
- The file or URL of the SSL Key store.@Deprecated public void setKeyStore(String keyStorePath)
setKeyStorePath(String)
keyStorePath
- the file system path or URL of the keystorepublic String getKeyStoreProvider()
public void setKeyStoreProvider(String keyStoreProvider)
keyStoreProvider
- The provider of the key storepublic String getKeyStoreType()
public void setKeyStoreType(String keyStoreType)
keyStoreType
- The type of the key store (default "JKS")@Deprecated public InputStream getKeyStoreInputStream()
@Deprecated public void setKeyStoreInputStream(InputStream keyStoreInputStream)
setKeyStore(KeyStore)
keyStoreInputStream
- the InputStream to the KeyStorepublic String getCertAlias()
public void setCertAlias(String certAlias)
certAlias
- Alias of SSL certificate for the connectorpublic String getTrustStore()
public void setTrustStore(String trustStorePath)
trustStorePath
- The file name or URL of the trust store locationpublic String getTrustStoreProvider()
public void setTrustStoreProvider(String trustStoreProvider)
trustStoreProvider
- The provider of the trust storepublic String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
trustStoreType
- The type of the trust store (default "JKS")@Deprecated public InputStream getTrustStoreInputStream()
@Deprecated public void setTrustStoreInputStream(InputStream trustStoreInputStream)
trustStoreInputStream
- the InputStream to the TrustStorepublic boolean getNeedClientAuth()
SSLEngine.getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
needClientAuth
- True if SSL needs client authentication: a client certificate is required and the handshake fails when none is presented. Use this, not wantClientAuth, when the certificate is the access-control decision. See SSLEngine.getNeedClientAuth()
public boolean getWantClientAuth()
SSLEngine.getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
wantClientAuth
- True if SSL wants client authentication: a client certificate is requested, but the handshake still succeeds if none is presented, so the application must check for the peer certificate itself. See SSLEngine.getWantClientAuth()
@Deprecated public boolean getValidateCerts()
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts
- true if SSL certificates have to be validated
public boolean isValidatePeerCerts()
public void setValidatePeerCerts(boolean validatePeerCerts)
validatePeerCerts
- true if SSL certificates of the peer have to be validated against the configured trust store (and the CRL/OCSP settings, where supported). Keep this enabled whenever client authentication is required.
public boolean isAllowRenegotiate()
public void setAllowRenegotiate(boolean allowRenegotiate)
allowRenegotiate
- true if re-negotiation is allowed (default false). Keep the default unless a client genuinely needs it: each client-initiated renegotiation costs the server a full handshake, which can be abused for denial of service, and renegotiation has historically been a source of TLS protocol weaknesses.
public void setKeyStorePassword(String password)
password
- The password for the key store. Keep key store and key passwords out of source control and log output.
public void setKeyManagerPassword(String password)
password
- The password (if any) for the specific key within the key store
public void setTrustStorePassword(String password)
password
- The password for the trust store
public String getProvider()
SSLContext.getInstance(String, String)
public void setProvider(String provider)
provider
- The SSL provider name, which if set is passed to
SSLContext.getInstance(String, String)
public String getProtocol()
SSLContext.getInstance(String, String)
public void setProtocol(String protocol)
protocol
- The SSL protocol (default "TLS") passed to
SSLContext.getInstance(String, String). Note that "TLS" enables whatever protocol versions the provider enables by default, which may include obsolete ones; restrict the negotiable set with setIncludeProtocols(String...) or setExcludeProtocols(String...).
public String getSecureRandomAlgorithm()
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public void setSecureRandomAlgorithm(String algorithm)
algorithm
- The algorithm name, which if set is passed to
SecureRandom.getInstance(String)
to obtain the SecureRandom
instance passed to
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public String getSslKeyManagerFactoryAlgorithm()
KeyManagerFactory
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the KeyManagerFactory
public String getTrustManagerFactoryAlgorithm()
TrustManagerFactory
public boolean isTrustAll()
public void setTrustAll(boolean trustAll)
trustAll
- True if all certificates should be trusted if there is no KeyStore or TrustStore. This disables peer certificate validation entirely and is appropriate only for testing.
public void setTrustManagerFactoryAlgorithm(String algorithm)
algorithm
- The algorithm name (default "SunX509") used by the TrustManagerFactory.
Use the string "TrustAll" to install a trust manager that trusts all (testing only; see setTrustAll(boolean)). Revocation checking via CRLs, CRL distribution points and OCSP is a feature of the PKIX trust manager; confirm that the chosen algorithm honors those settings before relying on setCrlPath(String), setEnableCRLDP(boolean) or setEnableOCSP(boolean).
public String getCrlPath()
public void setCrlPath(String crlPath)
crlPath
- Path to file that contains Certificate Revocation Listpublic int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength
- maximum number of intermediate certificates in
the certification path (-1 for unlimited). Bounding the path length limits the validation work an attacker-supplied chain can impose.
public SSLContext getSslContext()
public void setSslContext(SSLContext sslContext)
sslContext
- Set a preconfigured SSLContextprotected KeyStore loadKeyStore() throws Exception
Exception
- if the keystore cannot be loadedprotected KeyStore loadTrustStore() throws Exception
Exception
- if the truststore cannot be loaded@Deprecated protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
storeStream
- keystore input streamstorePath
- path of keystore filestoreType
- keystore typestoreProvider
- keystore providerstorePassword
- keystore passwordException
- if the keystore cannot be obtainedprotected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
crlPath
- path of certificate revocation list fileException
- if the certificate revocation list cannot be loadedprotected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
Exception
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
Exception
public void checkKeyStore()
IllegalStateException
- if SslContextFactory configuration can't be used.public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
enabledProtocols
- Array of enabled protocolssupportedProtocols
- Array of supported protocolspublic String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
enabledCipherSuites
- Array of enabled cipher suitessupportedCipherSuites
- Array of supported cipher suitesprotected void checkNotStarted()
public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP
- true to turn CRL Distribution Points support on, false to turn it off. Depending on the provider this may be applied through JVM-wide security properties and so affect other SSL contexts in the same process; confirm before assuming it is per-factory.
public boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP
- true to turn OCSP support on, false to turn it off. OCSP adds a network request to the responder during certificate validation (see setOcspResponderURL(String)); the same JVM-wide caveat as for setEnableCRLDP(boolean) applies.
public String getOcspResponderURL()
public void setOcspResponderURL(String ocspResponderURL)
ocspResponderURL
- location of the OCSP Responderpublic void setKeyStore(KeyStore keyStore)
keyStore
- the key store to setpublic void setTrustStore(KeyStore trustStore)
trustStore
- the trust store to setpublic void setKeyStoreResource(Resource resource)
resource
- the key store resource to setpublic void setTrustStoreResource(Resource resource)
resource
- the trust store resource to setpublic boolean isSessionCachingEnabled()
public void setSessionCachingEnabled(boolean enableSessionCaching)
enableSessionCaching
- the value of the flagpublic int getSslSessionCacheSize()
public void setSslSessionCacheSize(int sslSessionCacheSize)
sslSessionCacheSize
- SSL session cache size to setpublic int getSslSessionTimeout()
public void setSslSessionTimeout(int sslSessionTimeout)
sslSessionTimeout
- SSL session timeout to setpublic SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException
IOException
public SSLSocket newSslSocket() throws IOException
IOException
public SSLEngine newSslEngine()
public void customize(SSLEngine sslEngine)