public class SslContextFactory extends AbstractLifeCycle
Nested classes/interfaces inherited: AbstractLifeCycle.AbstractLifeCycleListener, LifeCycle.Listener
| Modifier and Type | Field and Description |
|---|---|
static String |
DEFAULT_KEYMANAGERFACTORY_ALGORITHM |
static String |
DEFAULT_KEYSTORE_PATH
Default value for the keystore location path.
|
static String |
DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM |
static String |
KEYPASSWORD_PROPERTY
String name of key password property.
|
static String |
PASSWORD_PROPERTY
String name of keystore password property.
|
static TrustManager[] |
TRUST_ALL_CERTS |
Fields inherited from class AbstractLifeCycle: _listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING
| Constructor and Description |
|---|
SslContextFactory()
Construct an instance of SslContextFactory
Default constructor for use in XmlConfiguration files
|
SslContextFactory(boolean trustAll)
Construct an instance of SslContextFactory
Default constructor for use in XmlConfiguration files
|
SslContextFactory(String keyStorePath)
Construct an instance of SslContextFactory
|
| Modifier and Type | Method and Description |
|---|---|
void |
addExcludeCipherSuites(String... cipher) |
void |
addExcludeProtocols(String... protocol) |
void |
checkKeyStore()
Check KeyStore Configuration.
|
protected void |
checkNotStarted()
Check if the lifecycle has been started and throw runtime exception
|
void |
customize(SSLEngine sslEngine) |
protected void |
doStart()
Create the SSLContext object and start the lifecycle
|
String |
getCertAlias() |
String |
getCrlPath() |
String[] |
getExcludeCipherSuites() |
String[] |
getExcludeProtocols() |
String[] |
getIncludeCipherSuites() |
String[] |
getIncludeProtocols() |
protected KeyManager[] |
getKeyManagers(KeyStore keyStore) |
String |
getKeyStore()
Deprecated.
|
protected KeyStore |
getKeyStore(InputStream storeStream,
String storePath,
String storeType,
String storeProvider,
String storePassword)
Deprecated.
|
InputStream |
getKeyStoreInputStream()
Deprecated.
|
String |
getKeyStorePath() |
String |
getKeyStoreProvider() |
String |
getKeyStoreType() |
int |
getMaxCertPathLength() |
boolean |
getNeedClientAuth() |
String |
getOcspResponderURL() |
String |
getProtocol() |
String |
getProvider() |
String |
getSecureRandomAlgorithm() |
SSLContext |
getSslContext() |
String |
getSslKeyManagerFactoryAlgorithm() |
int |
getSslSessionCacheSize()
Get SSL session cache size.
|
int |
getSslSessionTimeout()
Get SSL session timeout.
|
String |
getTrustManagerFactoryAlgorithm() |
protected TrustManager[] |
getTrustManagers(KeyStore trustStore,
Collection<? extends CRL> crls) |
String |
getTrustStore() |
InputStream |
getTrustStoreInputStream()
Deprecated.
|
String |
getTrustStoreProvider() |
String |
getTrustStoreType() |
boolean |
getValidateCerts()
Deprecated.
|
boolean |
getWantClientAuth() |
boolean |
isAllowRenegotiate() |
boolean |
isEnableCRLDP() |
boolean |
isEnableOCSP() |
boolean |
isSessionCachingEnabled() |
boolean |
isTrustAll() |
boolean |
isValidateCerts() |
boolean |
isValidatePeerCerts() |
protected Collection<? extends CRL> |
loadCRL(String crlPath)
Loads certificate revocation list (CRL) from a file.
|
protected KeyStore |
loadKeyStore()
Override this method to provide alternate way to load a keystore.
|
protected KeyStore |
loadTrustStore()
Override this method to provide alternate way to load a truststore.
|
SSLEngine |
newSslEngine() |
SSLEngine |
newSslEngine(String host,
int port) |
SSLServerSocket |
newSslServerSocket(String host,
int port,
int backlog) |
SSLSocket |
newSslSocket() |
String[] |
selectCipherSuites(String[] enabledCipherSuites,
String[] supportedCipherSuites)
Select cipher suites to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported cipher suite lists.
|
String[] |
selectProtocols(String[] enabledProtocols,
String[] supportedProtocols)
Select protocols to be used by the connector
based on configured inclusion and exclusion lists
as well as enabled and supported protocols.
|
void |
setAllowRenegotiate(boolean allowRenegotiate)
Set if SSL re-negotiation is allowed.
|
void |
setCertAlias(String certAlias) |
void |
setCrlPath(String crlPath) |
void |
setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support
|
void |
setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support
|
void |
setExcludeCipherSuites(String... cipherSuites) |
void |
setExcludeProtocols(String... protocols) |
void |
setIncludeCipherSuites(String... cipherSuites) |
void |
setIncludeProtocols(String... protocols) |
void |
setKeyManagerPassword(String password) |
void |
setKeyStore(KeyStore keyStore)
Set the key store.
|
void |
setKeyStore(String keyStorePath)
Deprecated.
|
void |
setKeyStoreInputStream(InputStream keyStoreInputStream)
Deprecated.
|
void |
setKeyStorePassword(String password) |
void |
setKeyStorePath(String keyStorePath) |
void |
setKeyStoreProvider(String keyStoreProvider) |
void |
setKeyStoreResource(Resource resource)
Set the key store resource.
|
void |
setKeyStoreType(String keyStoreType) |
void |
setMaxCertPathLength(int maxCertPathLength) |
void |
setNeedClientAuth(boolean needClientAuth) |
void |
setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder.
|
void |
setProtocol(String protocol) |
void |
setProvider(String provider) |
void |
setSecureRandomAlgorithm(String algorithm) |
void |
setSessionCachingEnabled(boolean enableSessionCaching)
Set the flag to enable SSL Session caching.
|
void |
setSslContext(SSLContext sslContext) |
void |
setSslKeyManagerFactoryAlgorithm(String algorithm) |
void |
setSslSessionCacheSize(int sslSessionCacheSize)
Set SSL session cache size.
|
void |
setSslSessionTimeout(int sslSessionTimeout)
Set SSL session timeout.
|
void |
setTrustAll(boolean trustAll) |
void |
setTrustManagerFactoryAlgorithm(String algorithm) |
void |
setTrustStore(KeyStore trustStore)
Set the trust store.
|
void |
setTrustStore(String trustStorePath) |
void |
setTrustStoreInputStream(InputStream trustStoreInputStream)
Deprecated.
|
void |
setTrustStorePassword(String password) |
void |
setTrustStoreProvider(String trustStoreProvider) |
void |
setTrustStoreResource(Resource resource)
Set the trust store resource.
|
void |
setTrustStoreType(String trustStoreType) |
void |
setValidateCerts(boolean validateCerts) |
void |
setValidatePeerCerts(boolean validatePeerCerts) |
void |
setWantClientAuth(boolean wantClientAuth) |
String |
toString() |
Methods inherited from class AbstractLifeCycle: addLifeCycleListener, doStop, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static final TrustManager[] TRUST_ALL_CERTS
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
public static final String DEFAULT_KEYSTORE_PATH
public static final String KEYPASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
public SslContextFactory()
public SslContextFactory(boolean trustAll)
trustAll - whether to blindly trust all certificates
See Also: setTrustAll(boolean)
public SslContextFactory(String keyStorePath)
keyStorePath - default keystore location
protected void doStart()
throws Exception
Overrides: doStart in class AbstractLifeCycle
Throws: Exception
See Also: AbstractLifeCycle.doStart()
public String[] getExcludeProtocols()
See Also: SSLEngine.setEnabledProtocols(String[])
public void setExcludeProtocols(String... protocols)
protocols - The array of protocol names to exclude from SSLEngine.setEnabledProtocols(String[])
public void addExcludeProtocols(String... protocol)
protocol - Protocol names to add to SSLEngine.setEnabledProtocols(String[])
public String[] getIncludeProtocols()
See Also: SSLEngine.setEnabledProtocols(String[])
public void setIncludeProtocols(String... protocols)
protocols - The array of protocol names to include in SSLEngine.setEnabledProtocols(String[])
public String[] getExcludeCipherSuites()
See Also: SSLEngine.setEnabledCipherSuites(String[])
public void setExcludeCipherSuites(String... cipherSuites)
cipherSuites - The array of cipher suite names to exclude from SSLEngine.setEnabledCipherSuites(String[])
public void addExcludeCipherSuites(String... cipher)
cipher - Cipher names to add to SSLEngine.setEnabledCipherSuites(String[])
public String[] getIncludeCipherSuites()
See Also: SSLEngine.setEnabledCipherSuites(String[])
public void setIncludeCipherSuites(String... cipherSuites)
cipherSuites - The array of cipher suite names to include in SSLEngine.setEnabledCipherSuites(String[])
public String getKeyStorePath()
@Deprecated public String getKeyStore()
public void setKeyStorePath(String keyStorePath)
keyStorePath - The file or URL of the SSL Key store.
@Deprecated public void setKeyStore(String keyStorePath)
See Also: setKeyStorePath(String)
keyStorePath - the file system path or URL of the keystore
public String getKeyStoreProvider()
public void setKeyStoreProvider(String keyStoreProvider)
keyStoreProvider - The provider of the key store
public String getKeyStoreType()
public void setKeyStoreType(String keyStoreType)
keyStoreType - The type of the key store (default "JKS")
@Deprecated public InputStream getKeyStoreInputStream()
@Deprecated public void setKeyStoreInputStream(InputStream keyStoreInputStream)
See Also: setKeyStore(KeyStore)
keyStoreInputStream - the InputStream to the KeyStore
public String getCertAlias()
public void setCertAlias(String certAlias)
certAlias - Alias of SSL certificate for the connector
public String getTrustStore()
public void setTrustStore(String trustStorePath)
trustStorePath - The file name or URL of the trust store location
public String getTrustStoreProvider()
public void setTrustStoreProvider(String trustStoreProvider)
trustStoreProvider - The provider of the trust store
public String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
trustStoreType - The type of the trust store (default "JKS")
@Deprecated public InputStream getTrustStoreInputStream()
@Deprecated public void setTrustStoreInputStream(InputStream trustStoreInputStream)
trustStoreInputStream - the InputStream to the TrustStore
public boolean getNeedClientAuth()
See Also: SSLEngine.getNeedClientAuth()
public void setNeedClientAuth(boolean needClientAuth)
needClientAuth - True if SSL needs client authentication.
See Also: SSLEngine.getNeedClientAuth()
public boolean getWantClientAuth()
See Also: SSLEngine.getWantClientAuth()
public void setWantClientAuth(boolean wantClientAuth)
wantClientAuth - True if SSL wants client authentication.
See Also: SSLEngine.getWantClientAuth()
@Deprecated public boolean getValidateCerts()
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
validateCerts - true if SSL certificates have to be validated
public boolean isValidatePeerCerts()
public void setValidatePeerCerts(boolean validatePeerCerts)
validatePeerCerts - true if SSL certificates of the peer have to be validated
public boolean isAllowRenegotiate()
public void setAllowRenegotiate(boolean allowRenegotiate)
allowRenegotiate - true if re-negotiation is allowed (default false)
public void setKeyStorePassword(String password)
password - The password for the key store
public void setKeyManagerPassword(String password)
password - The password (if any) for the specific key within the key store
public void setTrustStorePassword(String password)
password - The password for the trust store
public String getProvider()
See Also: SSLContext.getInstance(String, String)
public void setProvider(String provider)
provider - The SSL provider name, which if set is passed to SSLContext.getInstance(String, String)
public String getProtocol()
See Also: SSLContext.getInstance(String, String)
public void setProtocol(String protocol)
protocol - The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)
public String getSecureRandomAlgorithm()
See Also: SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public void setSecureRandomAlgorithm(String algorithm)
algorithm - The algorithm name, which if set is passed to SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)
public String getSslKeyManagerFactoryAlgorithm()
See Also: KeyManagerFactory
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
algorithm - The algorithm name (default "SunX509") used by the KeyManagerFactory
public String getTrustManagerFactoryAlgorithm()
See Also: TrustManagerFactory
public boolean isTrustAll()
public void setTrustAll(boolean trustAll)
trustAll - True if all certificates should be trusted if there is no KeyStore or TrustStore
public void setTrustManagerFactoryAlgorithm(String algorithm)
algorithm - The algorithm name (default "SunX509") used by the TrustManagerFactory.
Use the string "TrustAll" to install a trust manager that trusts all certificates.
public String getCrlPath()
public void setCrlPath(String crlPath)
crlPath - Path to file that contains Certificate Revocation List
public int getMaxCertPathLength()
public void setMaxCertPathLength(int maxCertPathLength)
maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
public SSLContext getSslContext()
public void setSslContext(SSLContext sslContext)
sslContext - Set a preconfigured SSLContext
protected KeyStore loadKeyStore() throws Exception
Throws: Exception - if the keystore cannot be loaded
protected KeyStore loadTrustStore() throws Exception
Throws: Exception - if the truststore cannot be loaded
@Deprecated protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
storeStream - keystore input stream
storePath - path of keystore file
storeType - keystore type
storeProvider - keystore provider
storePassword - keystore password
Throws: Exception - if the keystore cannot be obtained
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
crlPath - path of certificate revocation list file
Throws: Exception - if the certificate revocation list cannot be loaded
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
Throws: Exception
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
Throws: Exception
public void checkKeyStore()
Throws: IllegalStateException - if SslContextFactory configuration can't be used.
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
enabledProtocols - Array of enabled protocols
supportedProtocols - Array of supported protocols
public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
enabledCipherSuites - Array of enabled cipher suites
supportedCipherSuites - Array of supported cipher suites
protected void checkNotStarted()
public boolean isEnableCRLDP()
public void setEnableCRLDP(boolean enableCRLDP)
enableCRLDP - true turns on, false turns off
public boolean isEnableOCSP()
public void setEnableOCSP(boolean enableOCSP)
enableOCSP - true turns on, false turns off
public String getOcspResponderURL()
public void setOcspResponderURL(String ocspResponderURL)
ocspResponderURL - location of the OCSP Responder
public void setKeyStore(KeyStore keyStore)
keyStore - the key store to set
public void setTrustStore(KeyStore trustStore)
trustStore - the trust store to set
public void setKeyStoreResource(Resource resource)
resource - the key store resource to set
public void setTrustStoreResource(Resource resource)
resource - the trust store resource to set
public boolean isSessionCachingEnabled()
public void setSessionCachingEnabled(boolean enableSessionCaching)
enableSessionCaching - the value of the flag
public int getSslSessionCacheSize()
public void setSslSessionCacheSize(int sslSessionCacheSize)
sslSessionCacheSize - SSL session cache size to set
public int getSslSessionTimeout()
public void setSslSessionTimeout(int sslSessionTimeout)
sslSessionTimeout - SSL session timeout to set
public SSLServerSocket newSslServerSocket(String host, int port, int backlog) throws IOException
Throws: IOException
public SSLSocket newSslSocket() throws IOException
Throws: IOException
public SSLEngine newSslEngine()
public void customize(SSLEngine sslEngine)