Package org.apache.qpid.proton.engine.impl.ssl

Class SslDomainImpl

java.lang.Object
org.apache.qpid.proton.engine.impl.ssl.SslDomainImpl
All Implemented Interfaces:
ProtonSslEngineProvider, ProtonJSslDomain, SslDomain
public class SslDomainImpl extends Object implements SslDomain, ProtonSslEngineProvider, ProtonJSslDomain

  • Constructor Details

  • Method Details

    • init

      public void init(SslDomain.Mode mode)
      Description copied from interface: SslDomain
      Initialize the ssl domain object. An SSL object be either an SSL server or an SSL client. It cannot be both. Those transports that will be used to accept incoming connection requests must be configured as an SSL server. Those transports that will be used to initiate outbound connections must be configured as an SSL client.
      Specified by:
      init in interface SslDomain

    • getMode

      public SslDomain.Mode getMode()
      Specified by:
      getMode in interface SslDomain

    • setCredentials

      public void setCredentials(String certificateFile, String privateKeyFile, String privateKeyPassword)
      Description copied from interface: SslDomain
      Set the certificate that identifies the local node to the remote. This certificate establishes the identity for the local node. It will be sent to the remote if the remote needs to verify the identity of this node. This may be used for both SSL servers and SSL clients (if client authentication is required by the server).
      Specified by:
      setCredentials in interface SslDomain
      Parameters:
      certificateFile - path to file/database containing the identifying certificate.
      privateKeyFile - path to file/database containing the private key used to sign the certificate
      privateKeyPassword - the password used to sign the key, else null if key is not protected.

    • setTrustedCaDb

      public void setTrustedCaDb(String certificateDb)
      Description copied from interface: SslDomain
      Configure the set of trusted CA certificates used by this node to verify peers. If the local SSL client/server needs to verify the identity of the remote, it must validate the signature of the remote's certificate. This function sets the database of trusted CAs that will be used to verify the signature of the remote's certificate.
      Specified by:
      setTrustedCaDb in interface SslDomain
      Parameters:
      certificateDb - database of trusted CAs, used to authenticate the peer.

    • getTrustedCaDb

      public String getTrustedCaDb()
      Specified by:
      getTrustedCaDb in interface SslDomain

    • setSslContext

      public void setSslContext(SSLContext sslContext)
      Description copied from interface: SslDomain
      Sets an SSLContext for use when establishing SSL transport. Setting a context this way overrides alternate configuration that might otherwise have been used to create a context, such as key and trust store paths.
      Specified by:
      setSslContext in interface SslDomain
      Parameters:
      sslContext - the context to use

    • getSslContext

      public SSLContext getSslContext()
      Description copied from interface: SslDomain
      Returns the SSLContext set by SslDomain.setSslContext(SSLContext).
      Specified by:
      getSslContext in interface SslDomain
      Returns:
      the SSLContext, or null if none was set.

    • setPeerAuthentication

      public void setPeerAuthentication(SslDomain.VerifyMode verifyMode)
      Description copied from interface: SslDomain
      Configure the level of verification used on the peer certificate. This method controls how the peer's certificate is validated, if at all. By default, neither servers nor clients attempt to verify their peers (SslDomain.VerifyMode.ANONYMOUS_PEER). Once certificates and trusted CAs are configured, peer verification can be enabled. In order to verify a peer, a trusted CA must be configured. See SslDomain.setTrustedCaDb(String). NOTE: Servers must provide their own certificate when verifying a peer. See SslDomain.setCredentials(String, String, String)).
      Specified by:
      setPeerAuthentication in interface SslDomain
      Parameters:
      verifyMode - the level of validation to apply to the peer

    • getPeerAuthentication

      public SslDomain.VerifyMode getPeerAuthentication()
      Specified by:
      getPeerAuthentication in interface SslDomain

    • getPrivateKeyFile

      public String getPrivateKeyFile()
      Specified by:
      getPrivateKeyFile in interface SslDomain

    • getPrivateKeyPassword

      public String getPrivateKeyPassword()
      Specified by:
      getPrivateKeyPassword in interface SslDomain

    • getCertificateFile

      public String getCertificateFile()
      Specified by:
      getCertificateFile in interface SslDomain

    • allowUnsecuredClient

      public void allowUnsecuredClient(boolean allowUnsecured)
      Description copied from interface: SslDomain
      Permit a server to accept connection requests from non-SSL clients. This configures the server to "sniff" the incoming client data stream, and dynamically determine whether SSL/TLS is being used. This option is disabled by default: only clients using SSL/TLS are accepted.
      Specified by:
      allowUnsecuredClient in interface SslDomain

    • allowUnsecuredClient

      public boolean allowUnsecuredClient()
      Specified by:
      allowUnsecuredClient in interface SslDomain

    • createSslEngine

      public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails)
      Description copied from interface: ProtonSslEngineProvider
      Returns an SSL engine.
      Specified by:
      createSslEngine in interface ProtonSslEngineProvider
      Parameters:
      peerDetails - the details of the remote peer. If non-null, may be used to assist SSL session resumption.

    • toString

      public String toString()
      Overrides:
      toString in class Object