io.tesla.aether.okhttp.ssl

Class SslContextFactory

java.lang.Object

io.tesla.aether.okhttp.ssl.SslContextFactory

public class SslContextFactory
extends Object

SslContextFactory is used to configure SSL connectors as well as HttpClient. It holds all SSL parameters and creates SSL context based on these parameters to be used by the SSL connectors.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_KEYMANAGERFACTORY_ALGORITHM
static String	DEFAULT_KEYSTORE_PATH Default value for the keystore location path.
static String	DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM
static String	KEYPASSWORD_PROPERTY String name of key password property.
static String	PASSWORD_PROPERTY String name of keystore password property.
static TrustManager[]	TRUST_ALL_CERTS

Constructor Summary

Constructors

Constructor and Description
SslContextFactory() Construct an instance of SslContextFactory Default constructor for use in XmlConfiguration files
SslContextFactory(boolean trustAll) Construct an instance of SslContextFactory Default constructor for use in XmlConfiguration files
SslContextFactory(String keyStorePath) Construct an instance of SslContextFactory

Method Summary

Methods

Modifier and Type	Method and Description
void	addExcludeCipherSuites(String... cipher)
void	addExcludeProtocols(String... protocol)
void	checkKeyStore() Check KeyStore Configuration.
protected void	checkNotStarted() Check if the lifecycle has been started and throw runtime exception
void	customize(SSLEngine sslEngine)
protected void	doStart() Create the SSLContext object and start the lifecycle
String	getCertAlias()
String[]	getExcludeCipherSuites()
String[]	getExcludeProtocols()
String[]	getIncludeCipherSuites()
String[]	getIncludeProtocols()
protected KeyManager[]	getKeyManagers(KeyStore keyStore)
String	getKeyStore() Deprecated.
protected KeyStore	getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) Deprecated.
InputStream	getKeyStoreInputStream() Deprecated.
String	getKeyStorePath()
String	getKeyStoreProvider()
String	getKeyStoreType()
boolean	getNeedClientAuth()
String	getOcspResponderURL()
SSLContext	getSslContext()
int	getSslSessionCacheSize() Get SSL session cache size.
int	getSslSessionTimeout() Get SSL session timeout.
protected TrustManager[]	getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls)
String	getTrustStore()
InputStream	getTrustStoreInputStream() Deprecated.
String	getTrustStoreProvider()
String	getTrustStoreType()
boolean	getWantClientAuth()
boolean	isEnableCRLDP()
boolean	isEnableOCSP()
boolean	isSessionCachingEnabled()
protected Collection<? extends CRL>	loadCRL(String crlPath) Loads certificate revocation list (CRL) from a file.
protected KeyStore	loadKeyStore() Override this method to provide alternate way to load a keystore.
protected KeyStore	loadTrustStore() Override this method to provide alternate way to load a truststore.
SSLEngine	newSslEngine()
SSLEngine	newSslEngine(String host, int port)
SSLServerSocket	newSslServerSocket(String host, int port, int backlog)
SSLSocket	newSslSocket()
String[]	selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites) Select cipher suites to be used by the connector based on configured inclusion and exclusion lists as well as enabled and supported cipher suite lists.
String[]	selectProtocols(String[] enabledProtocols, String[] supportedProtocols) Select protocols to be used by the connector based on configured inclusion and exclusion lists as well as enabled and supported protocols.
void	setCertAlias(String certAlias)
void	setEnableCRLDP(boolean enableCRLDP) Enables CRL Distribution Points Support
void	setEnableOCSP(boolean enableOCSP) Enables On-Line Certificate Status Protocol support
void	setExcludeCipherSuites(String... cipherSuites)
void	setExcludeProtocols(String... protocols)
void	setIncludeCipherSuites(String... cipherSuites)
void	setIncludeProtocols(String... protocols)
void	setKeyManagerPassword(String password)
void	setKeyStore(KeyStore keyStore) Set the key store.
void	setKeyStore(String keyStorePath) Deprecated. Use setKeyStorePath(String)
void	setKeyStorePassword(String password)
void	setKeyStorePath(String keyStorePath)
void	setKeyStoreProvider(String keyStoreProvider)
void	setKeyStoreType(String keyStoreType)
void	setNeedClientAuth(boolean needClientAuth)
void	setOcspResponderURL(String ocspResponderURL) Set the location of the OCSP Responder.
void	setSessionCachingEnabled(boolean enableSessionCaching) Set the flag to enable SSL Session caching.
void	setSslSessionCacheSize(int sslSessionCacheSize) SEt SSL session cache size.
void	setSslSessionTimeout(int sslSessionTimeout) Set SSL session timeout.
void	setTrustStore(KeyStore trustStore) Set the trust store.
void	setTrustStore(String trustStorePath)
void	setTrustStoreInputStream(InputStream trustStoreInputStream) Deprecated.
void	setTrustStorePassword(String password)
void	setTrustStoreProvider(String trustStoreProvider)
void	setTrustStoreType(String trustStoreType)
void	setWantClientAuth(boolean wantClientAuth)
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

TRUST_ALL_CERTS

public static final TrustManager[] TRUST_ALL_CERTS

DEFAULT_KEYMANAGERFACTORY_ALGORITHM

public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM

DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM

public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM

DEFAULT_KEYSTORE_PATH

public static final String DEFAULT_KEYSTORE_PATH

Default value for the keystore location path.

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY

String name of key password property.

See Also:

Constant Field Values

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY

String name of keystore password property.

See Also:

Constant Field Values

Constructor Detail

SslContextFactory

public SslContextFactory()

Construct an instance of SslContextFactory Default constructor for use in XmlConfiguration files

SslContextFactory

public SslContextFactory(boolean trustAll)

Construct an instance of SslContextFactory Default constructor for use in XmlConfiguration files

Parameters:

trustAll - whether to blindly trust all certificates

See Also:

#setTrustAll(boolean)

SslContextFactory

public SslContextFactory(String keyStorePath)

Construct an instance of SslContextFactory

Parameters:

keyStorePath - default keystore location

Method Detail

doStart

protected void doStart()
                throws Exception

Create the SSLContext object and start the lifecycle

Throws:

Exception

See Also:

org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()

getExcludeProtocols

public String[] getExcludeProtocols()

Returns:

The array of protocol names to exclude from SSLEngine.setEnabledProtocols(String[])

setExcludeProtocols

public void setExcludeProtocols(String... protocols)

Parameters:

protocols - The array of protocol names to exclude from SSLEngine.setEnabledProtocols(String[])

addExcludeProtocols

public void addExcludeProtocols(String... protocol)

Parameters:

protocol - Protocol names to add to SSLEngine.setEnabledProtocols(String[])

getIncludeProtocols

public String[] getIncludeProtocols()

Returns:

The array of protocol names to include in SSLEngine.setEnabledProtocols(String[])

setIncludeProtocols

public void setIncludeProtocols(String... protocols)

Parameters:

protocols - The array of protocol names to include in SSLEngine.setEnabledProtocols(String[])

getExcludeCipherSuites

public String[] getExcludeCipherSuites()

Returns:

The array of cipher suite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

setExcludeCipherSuites

public void setExcludeCipherSuites(String... cipherSuites)

Parameters:

cipherSuites - The array of cipher suite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

addExcludeCipherSuites

public void addExcludeCipherSuites(String... cipher)

Parameters:

cipher - Cipher names to add to SSLEngine.setEnabledCipherSuites(String[])

getIncludeCipherSuites

public String[] getIncludeCipherSuites()

Returns:

The array of cipher suite names to include in SSLEngine.setEnabledCipherSuites(String[])

setIncludeCipherSuites

public void setIncludeCipherSuites(String... cipherSuites)

Parameters:

cipherSuites - The array of cipher suite names to include in SSLEngine.setEnabledCipherSuites(String[])

getKeyStorePath

public String getKeyStorePath()

Returns:

The file or URL of the SSL Key store.

getKeyStore

@Deprecated
public String getKeyStore()

Deprecated.

setKeyStorePath

public void setKeyStorePath(String keyStorePath)

Parameters:

keyStorePath - The file or URL of the SSL Key store.

setKeyStore

@Deprecated
public void setKeyStore(String keyStorePath)

Deprecated. Use setKeyStorePath(String)

Parameters:

keyStorePath - the file system path or URL of the keystore

getKeyStoreProvider

public String getKeyStoreProvider()

Returns:

The provider of the key store

setKeyStoreProvider

public void setKeyStoreProvider(String keyStoreProvider)

Parameters:

keyStoreProvider - The provider of the key store

getKeyStoreType

public String getKeyStoreType()

Returns:

The type of the key store (default "JKS")

setKeyStoreType

public void setKeyStoreType(String keyStoreType)

Parameters:

keyStoreType - The type of the key store (default "JKS")

getKeyStoreInputStream

@Deprecated
public InputStream getKeyStoreInputStream()

Deprecated.

Get the _keyStoreInputStream.

Returns:

the _keyStoreInputStream

getCertAlias

public String getCertAlias()

Returns:

Alias of SSL certificate for the connector

setCertAlias

public void setCertAlias(String certAlias)

Parameters:

certAlias - Alias of SSL certificate for the connector

getTrustStore

public String getTrustStore()

Returns:

The file name or URL of the trust store location

setTrustStore

public void setTrustStore(String trustStorePath)

Parameters:

trustStorePath - The file name or URL of the trust store location

getTrustStoreProvider

public String getTrustStoreProvider()

Returns:

The provider of the trust store

setTrustStoreProvider

public void setTrustStoreProvider(String trustStoreProvider)

Parameters:

trustStoreProvider - The provider of the trust store

getTrustStoreType

public String getTrustStoreType()

Returns:

The type of the trust store (default "JKS")

setTrustStoreType

public void setTrustStoreType(String trustStoreType)

Parameters:

trustStoreType - The type of the trust store (default "JKS")

getTrustStoreInputStream

@Deprecated
public InputStream getTrustStoreInputStream()

Deprecated.

Get the _trustStoreInputStream.

Returns:

the _trustStoreInputStream

setTrustStoreInputStream

@Deprecated
public void setTrustStoreInputStream(InputStream trustStoreInputStream)

Deprecated.

Set the _trustStoreInputStream.

Parameters:

trustStoreInputStream - the InputStream to the TrustStore

getNeedClientAuth

public boolean getNeedClientAuth()

Returns:

True if SSL needs client authentication.

See Also:

SSLEngine.getNeedClientAuth()

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

Parameters:

needClientAuth - True if SSL needs client authentication.

See Also:

SSLEngine.getNeedClientAuth()

getWantClientAuth

public boolean getWantClientAuth()

Returns:

True if SSL wants client authentication.

See Also:

SSLEngine.getWantClientAuth()

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

Parameters:

wantClientAuth - True if SSL wants client authentication.

See Also:

SSLEngine.getWantClientAuth()

setKeyStorePassword

public void setKeyStorePassword(String password)

Parameters:

password - The password for the key store

setKeyManagerPassword

public void setKeyManagerPassword(String password)

Parameters:

password - The password (if any) for the specific key within the key store

setTrustStorePassword

public void setTrustStorePassword(String password)

Parameters:

password - The password for the trust store

getSslContext

public SSLContext getSslContext()
                         throws Exception

Returns:

The SSLContext

Throws:

Exception

loadKeyStore

protected KeyStore loadKeyStore()
                         throws Exception

Override this method to provide alternate way to load a keystore.

Returns:

the key store instance

Throws:

Exception - if the keystore cannot be loaded

loadTrustStore

protected KeyStore loadTrustStore()
                           throws Exception

Override this method to provide alternate way to load a truststore.

Returns:

the key store instance

Throws:

Exception - if the truststore cannot be loaded

getKeyStore

@Deprecated
protected KeyStore getKeyStore(InputStream storeStream,
                              String storePath,
                              String storeType,
                              String storeProvider,
                              String storePassword)
                        throws Exception

Deprecated.

Loads keystore using an input stream or a file path in the same order of precedence. Required for integrations to be able to override the mechanism used to load a keystore in order to provide their own implementation.

Parameters:

storeStream - keystore input stream

storePath - path of keystore file

storeType - keystore type

storeProvider - keystore provider

storePassword - keystore password

Returns:

created keystore

Throws:

Exception - if the keystore cannot be obtained

loadCRL

protected Collection<? extends CRL> loadCRL(String crlPath)
                                     throws Exception

Loads certificate revocation list (CRL) from a file. Required for integrations to be able to override the mechanism used to load CRL in order to provide their own implementation.

Parameters:

crlPath - path of certificate revocation list file

Returns:

Collection of CRL's

Throws:

Exception - if the certificate revocation list cannot be loaded

getKeyManagers

protected KeyManager[] getKeyManagers(KeyStore keyStore)
                               throws Exception

Throws:

Exception

getTrustManagers

protected TrustManager[] getTrustManagers(KeyStore trustStore,
                              Collection<? extends CRL> crls)
                                   throws Exception

Throws:

Exception

checkKeyStore

public void checkKeyStore()

Check KeyStore Configuration. Ensures that if keystore has been configured but there's no truststore, that keystore is used as truststore.

Throws:

IllegalStateException - if SslContextFactory configuration can't be used.

selectProtocols

public String[] selectProtocols(String[] enabledProtocols,
                       String[] supportedProtocols)

Select protocols to be used by the connector based on configured inclusion and exclusion lists as well as enabled and supported protocols.

Parameters:

enabledProtocols - Array of enabled protocols

supportedProtocols - Array of supported protocols

Returns:

Array of protocols to enable

selectCipherSuites

public String[] selectCipherSuites(String[] enabledCipherSuites,
                          String[] supportedCipherSuites)

Select cipher suites to be used by the connector based on configured inclusion and exclusion lists as well as enabled and supported cipher suite lists.

Parameters:

enabledCipherSuites - Array of enabled cipher suites

supportedCipherSuites - Array of supported cipher suites

Returns:

Array of cipher suites to enable

checkNotStarted

protected void checkNotStarted()

Check if the lifecycle has been started and throw runtime exception

isEnableCRLDP

public boolean isEnableCRLDP()

Returns:

true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)

Enables CRL Distribution Points Support

Parameters:

enableCRLDP - true - turn on, false - turns off

isEnableOCSP

public boolean isEnableOCSP()

Returns:

true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)

Enables On-Line Certificate Status Protocol support

Parameters:

enableOCSP - true - turn on, false - turn off

getOcspResponderURL

public String getOcspResponderURL()

Returns:

Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(String ocspResponderURL)

Set the location of the OCSP Responder.

Parameters:

ocspResponderURL - location of the OCSP Responder

setKeyStore

public void setKeyStore(KeyStore keyStore)

Set the key store.

Parameters:

keyStore - the key store to set

setTrustStore

public void setTrustStore(KeyStore trustStore)

Set the trust store.

Parameters:

trustStore - the trust store to set

isSessionCachingEnabled

public boolean isSessionCachingEnabled()

Returns:

true if SSL Session caching is enabled

setSessionCachingEnabled

public void setSessionCachingEnabled(boolean enableSessionCaching)

Set the flag to enable SSL Session caching.

Parameters:

enableSessionCaching - the value of the flag

getSslSessionCacheSize

public int getSslSessionCacheSize()

Get SSL session cache size.

Returns:

SSL session cache size

setSslSessionCacheSize

public void setSslSessionCacheSize(int sslSessionCacheSize)

SEt SSL session cache size.

Parameters:

sslSessionCacheSize - SSL session cache size to set

getSslSessionTimeout

public int getSslSessionTimeout()

Get SSL session timeout.

Returns:

SSL session timeout

setSslSessionTimeout

public void setSslSessionTimeout(int sslSessionTimeout)

Set SSL session timeout.

Parameters:

sslSessionTimeout - SSL session timeout to set

newSslServerSocket

public SSLServerSocket newSslServerSocket(String host,
                                 int port,
                                 int backlog)
                                   throws IOException

Throws:

IOException

newSslSocket

public SSLSocket newSslSocket()
                       throws IOException

Throws:

IOException

newSslEngine

public SSLEngine newSslEngine(String host,
                     int port)

newSslEngine

public SSLEngine newSslEngine()

customize

public void customize(SSLEngine sslEngine)

toString

public String toString()

Overrides:

toString in class Object