Package 

Class SSLSocketFactoryFactory


  • 
    public class SSLSocketFactoryFactory
    
                        

    An SSLSocketFactoryFactory provides a socket factory and a server socket factory that then can be used to create SSL client sockets or SSL server sockets.

    The SSLSocketFactoryFactory is configured using IBM SSL properties, i.e. properties of the format "com.ibm.ssl.propertyName", e.g. "com.ibm.ssl.keyStore". The class supports multiple configurations; each configuration is identified by a name, or configuration ID. The configuration ID "null" denotes the default configuration. When a socket factory is created for a given configuration, properties are first taken from that configuration. If a property is not defined there, it is looked up in the default configuration. Finally, if the property is still not found, the corresponding system property is inspected, e.g. javax.net.ssl.keyStore. If the system property is not set either, the system's default value is used (if available) or an exception is thrown.

    The SSLSocketFactoryFactory can be reconfigured at any time. A reconfiguration does not affect existing socket factories.

    All properties share the same key space; i.e. the configuration ID is not part of the property keys.
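The lookup order described above, as an added sketch that is not the library's own code: it resolves one property through the named configuration, the default configuration and the system property, and reports which layer supplied the value, which is useful when auditing which keystore or truststore a connection really uses. The class name SslPropertyLookup, the method resolve(), the configuration ID "brokerA" and the file paths are constructed for this example; the trustStore and keyStoreType property names are assumed to follow the pattern the page shows for keyStore.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

// Added illustration of the documented lookup order; not the library's code.
public class SslPropertyLookup {
    // Named configurations; the null key holds the default configuration.
    private final Map<String, Properties> configs = new HashMap<>();

    public void initialize(Properties props, String configId) {
        Properties copy = new Properties();
        copy.putAll(props); // snapshot of the caller's properties
        configs.put(configId, copy);
    }

    /** Returns {value, source} so an audit can see where a setting came from. */
    public String[] resolve(String configId, String name) {
        String key = "com.ibm.ssl." + name;
        Properties named = (configId == null) ? null : configs.get(configId);
        if (named != null && named.getProperty(key) != null) {
            return new String[] { named.getProperty(key), "config " + configId };
        }
        Properties dflt = configs.get(null);
        if (dflt != null && dflt.getProperty(key) != null) {
            return new String[] { dflt.getProperty(key), "default config" };
        }
        String sys = System.getProperty("javax.net.ssl." + name);
        if (sys != null) {
            return new String[] { sys, "system property" };
        }
        return new String[] { null, "platform default or exception" };
    }

    public static void main(String[] args) {
        SslPropertyLookup lookup = new SslPropertyLookup();
        Properties dflt = new Properties();   // constructed sample values
        dflt.setProperty("com.ibm.ssl.trustStore", "/constructed/default-trust.jks");
        lookup.initialize(dflt, null);
        Properties broker = new Properties();
        broker.setProperty("com.ibm.ssl.keyStore", "/constructed/broker-key.jks");
        lookup.initialize(broker, "brokerA");
        for (String name : new String[] { "keyStore", "trustStore", "keyStoreType" }) {
            String[] r = lookup.resolve("brokerA", name);
            System.out.println(name + " = " + r[0] + "  <- " + r[1]);
        }
    }
}
```

In the sample run, "brokerA" supplies its own keystore but inherits the truststore from the default configuration, so a change to the default configuration changes which peers "brokerA" trusts.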

    The methods should be called in the following order:

    • isSupportedOnJVM(): to check whether this class is supported on the runtime platform. Not all runtimes support SSL/TLS.
    • SSLSocketFactoryFactory(): the constructor. Clients (in the same JVM) may share an SSLSocketFactoryFactory, or have one each.
    • initialize(properties, configID): to initialize this object with the required SSL properties for a configuration. This may be called multiple times, once for each required configuration. It may be called again to change the required SSL properties for a particular configuration.
    • getEnabledCipherSuites(configID): to later set the enabled cipher suites on the socket [see below].
    • For an MQTT server:
    • For an MQTT client:
    • Constructor Detail

      • SSLSocketFactoryFactory

        SSLSocketFactoryFactory()
        Create new instance of class.
    • Method Detail

      • isSupportedOnJVM

         static boolean isSupportedOnJVM()

        Not all JVMs/platforms support all of its security features. This method determines whether this class is supported on the runtime platform.

      • toChar

         static Array<char> toChar(Array<byte> b)

        Convert byte array to char array, where each char is constructed from two bytes.

        Parameters:
        b - byte array
      • toByte

         static Array<byte> toByte(Array<char> c)

        Convert char array to byte array, where each char is split into two bytes.

        Parameters:
        c - char array
      • obfuscate

         static String obfuscate(Array<char> password)

        Obfuscates the password using a simple and not very secure XOR mechanism. This should not be used for cryptographic purposes; it is a simple scrambler that obfuscates clear-text passwords.

        Parameters:
        password - The password to be obfuscated, as a char array.
      • deObfuscate

         static Array<char> deObfuscate(String ePassword)

        The inverse operation of obfuscate: returns a cleartext password that was previously obfuscated using the XOR scrambler.

        Parameters:
        ePassword - An obfuscated password.
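Why the obfuscate/deObfuscate pair above offers no confidentiality, as an added example that is not the library's code: a fixed-key XOR scrambler is reversed by the same routine with no secret input. The key, the Base64 string encoding and the byte order in toByte/toChar are assumptions made for this illustration, not the library's actual values.

```java
import java.util.Arrays;
import java.util.Base64;

// Added illustration: a fixed-key XOR scrambler is an encoding, not encryption.
public class XorScramblerDemo {
    private static final byte[] KEY = { 0x11, 0x22, 0x33, 0x44 }; // constructed
    // Each char is split into two bytes (byte order here is an assumption).
    static byte[] toByte(char[] c) {
        byte[] b = new byte[c.length * 2];
        for (int i = 0; i < c.length; i++) {
            b[2 * i] = (byte) (c[i] >> 8);
            b[2 * i + 1] = (byte) c[i];
        }
        return b;
    }

    static char[] toChar(byte[] b) {
        char[] c = new char[b.length / 2];
        for (int i = 0; i < c.length; i++) {
            c[i] = (char) (((b[2 * i] & 0xFF) << 8) | (b[2 * i + 1] & 0xFF));
        }
        return c;
    }

    // XOR is its own inverse, so the same routine scrambles and unscrambles.
    static byte[] xor(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) {
            out[i] = (byte) (in[i] ^ KEY[i % KEY.length]);
        }
        return out;
    }

    static String obfuscate(char[] password) {
        return Base64.getEncoder().encodeToString(xor(toByte(password)));
    }
    static char[] deObfuscate(String stored) {
        return toChar(xor(Base64.getDecoder().decode(stored)));
    }

    public static void main(String[] args) {
        char[] password = "constructed-sample".toCharArray();
        String stored = obfuscate(password);
        char[] recovered = deObfuscate(stored); // no secret was needed
        System.out.println(stored + " -> " + Arrays.equals(password, recovered));
        Arrays.fill(password, '\0');  // wipe clear-text copies after use
        Arrays.fill(recovered, '\0');
    }
}
```

Because the transform needs no secret, an obfuscated value in a properties file should be protected like the clear-text password itself, for example with file permissions or a secret store.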
      • packCipherSuites

         static String packCipherSuites(Array<String> ciphers)

        Converts an array of ciphers into a single String.

        Parameters:
        ciphers - The array of cipher names.
      • unpackCipherSuites

         static Array<String> unpackCipherSuites(String ciphers)

        Inverse operation of packCipherSuites: converts a string of cipher names into an array of cipher names.

        Parameters:
        ciphers - A list of ciphers, separated by comma.
      • initialize

         void initialize(Properties props, String configID)

        Initializes the SSLSocketFactoryFactory with the provided properties for the provided configuration.

        Parameters:
        props - A properties object containing IBM SSL properties that are qualified by one or more configuration identifiers.
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • merge

         void merge(Properties props, String configID)

        Merges the given IBM SSL properties into the existing configuration, overwriting existing properties. This method is used to selectively change properties for a given configuration. The method throws an IllegalArgumentException if any of the properties is not a valid IBM SSL property key.

        Parameters:
        props - A properties object containing IBM SSL properties.
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • remove

         boolean remove(String configID)

        Remove the configuration of a given configuration identifier.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getConfiguration

         Properties getConfiguration(String configID)

        Returns the configuration of the SSLSocketFactoryFactory for a given configuration. Note that changes made to the returned properties are reflected in the SSLSocketFactoryFactory.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getSSLProtocol

         String getSSLProtocol(String configID)

        Gets the SSL protocol variant of the indicated configuration or the default configuration.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getJSSEProvider

         String getJSSEProvider(String configID)

        Gets the JSSE provider of the indicated configuration.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getKeyStore

         String getKeyStore(String configID)

        Gets the name of the keystore file that is used.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getKeyStorePassword

         Array<char> getKeyStorePassword(String configID)

        Gets the plain-text password that is used for the keystore.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getKeyStoreType

         String getKeyStoreType(String configID)

        Gets the type of keystore.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getKeyStoreProvider

         String getKeyStoreProvider(String configID)

        Gets the keystore provider.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getKeyManager

         String getKeyManager(String configID)

        Gets the key manager algorithm that is used.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getTrustStore

         String getTrustStore(String configID)

        Gets the name of the truststore file that is used.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getTrustStorePassword

         Array<char> getTrustStorePassword(String configID)

        Gets the plain-text password that is used for the truststore.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getTrustStoreType

         String getTrustStoreType(String configID)

        Gets the type of truststore.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getTrustStoreProvider

         String getTrustStoreProvider(String configID)

        Gets the truststore provider.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getTrustManager

         String getTrustManager(String configID)

        Gets the trust manager algorithm that is used.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getEnabledCipherSuites

         Array<String> getEnabledCipherSuites(String configID)

        Returns an array with the enabled ciphers.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • getClientAuthentication

         boolean getClientAuthentication(String configID)

        Returns whether client authentication is required.

        Parameters:
        configID - The configuration identifier for selecting a configuration or null for the default configuration.
      • createSocketFactory

         SSLSocketFactory createSocketFactory(String configID)

        Returns an SSL socket factory for the given configuration. If no SSLProtocol is already set, uses DEFAULT_PROTOCOL. Throws IllegalArgumentException if the socket factory could not be created due to underlying configuration problems.

        Parameters:
        configID - The configuration identifier for selecting a configuration.