io.apiman.gateway.platforms.servlet.connectors.ssl

Class SSLSessionStrategyFactory

java.lang.Object

io.apiman.gateway.platforms.servlet.connectors.ssl.SSLSessionStrategyFactory

public class SSLSessionStrategyFactory
extends Object

Factory to produce SSLSessionStrategy.

Author:

Marc Savy

Method Summary

Methods

Modifier and Type	Method and Description
static SSLSessionStrategy	build(String trustStore, String trustStorePassword, String keyStore, String keyStorePassword, String[] keyAliases, String keyPassword, String[] allowedProtocols, String[] allowedCiphers, boolean allowAnyHostname, boolean trustSelfSigned) Build an SSLSessionStrategy.
static SSLSessionStrategy	buildMutual(io.apiman.common.config.options.TLSOptions optionsMap) Convenience function parses map of options to generate SSLSessionStrategy.
static SSLSessionStrategy	buildStandard(io.apiman.common.config.options.TLSOptions optionsMap) Convenience function parses map of options to generate SSLSessionStrategy.
static SSLSessionStrategy	buildUnsafe() Do not use in production

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

buildStandard

public static SSLSessionStrategy buildStandard(io.apiman.common.config.options.TLSOptions optionsMap)
                                        throws NoSuchAlgorithmException,
                                               KeyManagementException,
                                               KeyStoreException,
                                               UnrecoverableKeyException,
                                               CertificateException,
                                               IOException

Convenience function parses map of options to generate SSLSessionStrategy.

Defaults are provided for all fields:

• trustStore - default: JSSERefGuide
• trustStorePassword - none
• allowedProtocols - SSLParameters.getProtocols()
• allowedCiphers - SSLParameters.getCipherSuites()
• allowAnyHost - false
• allowSelfSigned - false

Parameters:

optionsMap - map of options

Returns:

the SSL session strategy

Throws:

NoSuchAlgorithmException - if the selected algorithm is not available on the system

KeyManagementException - when particular cryptographic algorithm not available

KeyStoreException - problem with keystore

CertificateException - if there was a problem with the certificate

IOException - if the truststore could not be found or was invalid

UnrecoverableKeyException - a key in keystore cannot be recovered

See Also:

build(String, String, String, String, String[], String, String[], String[], boolean, boolean)

buildMutual

public static SSLSessionStrategy buildMutual(io.apiman.common.config.options.TLSOptions optionsMap)
                                      throws KeyManagementException,
                                             NoSuchAlgorithmException,
                                             KeyStoreException,
                                             CertificateException,
                                             IOException,
                                             UnrecoverableKeyException

Convenience function parses map of options to generate SSLSessionStrategy.

Defaults are provided for some fields, others are options. ClientKeystore is required:

• trustStore - default: JSSERefGuide
• trustStorePassword - none
• keyStore - required
• keyStorePassword - none
• keyAliases - none
• keyPassword - none
• allowedProtocols - SSLParameters.getProtocols()
• allowedCiphers - SSLParameters.getCipherSuites()
• allowAnyHost - false
• allowSelfSigned - false

Parameters:

optionsMap - map of options

Returns:

the SSL session strategy

Throws:

NoSuchAlgorithmException - if the selected algorithm is not available on the system

KeyManagementException - when particular cryptographic algorithm not available

KeyStoreException - problem with keystore

CertificateException - if there was a problem with the certificate

IOException - if the truststore could not be found or was invalid

UnrecoverableKeyException - a key in keystore cannot be recovered

See Also:

build(String, String, String, String, String[], String, String[], String[], boolean, boolean)

build

public static SSLSessionStrategy build(String trustStore,
                       String trustStorePassword,
                       String keyStore,
                       String keyStorePassword,
                       String[] keyAliases,
                       String keyPassword,
                       String[] allowedProtocols,
                       String[] allowedCiphers,
                       boolean allowAnyHostname,
                       boolean trustSelfSigned)
                                throws NoSuchAlgorithmException,
                                       KeyStoreException,
                                       CertificateException,
                                       IOException,
                                       KeyManagementException,
                                       UnrecoverableKeyException

Build an SSLSessionStrategy.

Parameters:

trustStore - the trust store

trustStorePassword - the truststore password (if any)

keyStore - the keystore

keyStorePassword - the keystore password (if any)

keyAliases - the key aliases that are candidates for use (if any)

keyPassword - the key password (if any)

allowedProtocols - the allowed transport protocols. Avoid specifying insecure protocols

allowedCiphers - allowed crypto ciphersuites, null to use system defaults

trustSelfSigned - true if self signed certificates can be trusted. Use with caution

allowAnyHostname - true if any hostname can be connected to (i.e. does not need to match certificate hostname). Do not use in production

Returns:

the connection socket factory

Throws:

NoSuchAlgorithmException - if the selected algorithm is not available on the system

KeyStoreException - if there was a problem with the keystore

CertificateException - if there was a problem with the certificate

IOException - if the truststore could not be found or was invalid

KeyManagementException - if there is a problem with keys

UnrecoverableKeyException - if the key cannot be recovered

buildUnsafe

public static SSLSessionStrategy buildUnsafe()

Do not use in production

Returns an SSLSessionStrategy that trusts any Certificate.

Naturally, this is vulnerable to a raft of MIITM and forgery attacks, so users should exercise extreme caution and only use it for development purposes.

Returns:

the ssl strategy