org.jasig.portal.security.provider.saml
Class SSLSecurityImpl

java.lang.Object
  extended by org.jasig.portal.security.provider.saml.SSLSecurityImpl
All Implemented Interfaces:
SSLSecurityWrapper

public class SSLSecurityImpl
extends Object
implements SSLSecurityWrapper

This class wraps some SSL options for enforcing security when communicating with a SAML IdP or a SAML-protected Web Service Provider.

Author:
Adam Rybicki

Field Summary
protected  org.slf4j.Logger logger
           
 
Constructor Summary
SSLSecurityImpl()
           
 
Method Summary
 org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
          Get an instance of SSL socket factory based on the supplied credentials.
 void setSSLClientKeystore(String ksFile, String pass)
          Set the credentials for client TLS certificate authentication.
 void setSSLClientPrivateKeyAndCert(String pkFile, String certFile)
          Set the credentials for client TLS certificate authentication.
 void setSSLServerPublicKeys(String encodedKeys)
          Set the public keys of server to trust.
 void setSSLTrustStore(String ksFile, String pass)
          Set the KeyStore of server certificates to trust.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

logger

protected final org.slf4j.Logger logger
Constructor Detail

SSLSecurityImpl

public SSLSecurityImpl()
Method Detail

getSSLSocketFactory

public org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
Description copied from interface: SSLSecurityWrapper
Get an instance of SSL socket factory based on the supplied credentials. Used to enforce the client certificate and server trust options set.

Specified by:
getSSLSocketFactory in interface SSLSecurityWrapper
Returns:
An SSLSocketFactory suitable for use with Apache Commons HTTP Client

setSSLClientKeystore

public void setSSLClientKeystore(String ksFile,
                                 String pass)
Description copied from interface: SSLSecurityWrapper
Set the credentials for client TLS certificate authentication.

Specified by:
setSSLClientKeystore in interface SSLSecurityWrapper
Parameters:
ksFile - File name of a Java KeyStore containing the private key and certificate
pass - Password for the Java KeyStore

setSSLTrustStore

public void setSSLTrustStore(String ksFile,
                             String pass)
Description copied from interface: SSLSecurityWrapper
Set the KeyStore of server certificates to trust. This overrides the default Java behavior, which is to trust all servers that present valid certificates signed by a trusted Certificate Authority (CA). The KeyStore set here may contain servers' self-signed certificates or certificates of local CA(s).

Specified by:
setSSLTrustStore in interface SSLSecurityWrapper
Parameters:
ksFile - Java KeyStore containing certificates to trust
pass - Password of the KeyStore

setSSLClientPrivateKeyAndCert

public void setSSLClientPrivateKeyAndCert(String pkFile,
                                          String certFile)
Description copied from interface: SSLSecurityWrapper
Set the credentials for client TLS certificate authentication. These files should be in PEM-encoded format.

Specified by:
setSSLClientPrivateKeyAndCert in interface SSLSecurityWrapper
Parameters:
pkFile - name of the file containing the private key
certFile - name of the file containing the certificate

setSSLServerPublicKeys

public void setSSLServerPublicKeys(String encodedKeys)
Description copied from interface: SSLSecurityWrapper
Set the public keys of the server to trust. This overrides the default Java behavior, which is to trust all servers that present valid certificates signed by a trusted Certificate Authority (CA). After this method is called, only servers that present X.509 certificates containing a matching public key will be trusted.

Specified by:
setSSLServerPublicKeys in interface SSLSecurityWrapper
Parameters:
encodedKeys - Base64-encoded public key(s)
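
The public-key pinning behavior described for setSSLServerPublicKeys, shown with JDK classes only. This is an added example, not uPortal's implementation; the class name PinnedKeyTrustManager, the whitespace-separated Base64 DER key format, and the choice to check only the leaf certificate are assumptions.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.net.ssl.X509TrustManager;

/** Hypothetical example class; not part of uPortal. */
public class PinnedKeyTrustManager implements X509TrustManager {
    private final List<byte[]> pins = new ArrayList<>();

    /** Assumption: pins are Base64 DER SubjectPublicKeyInfo values separated by whitespace. */
    public PinnedKeyTrustManager(String encodedKeys) {
        for (String k : encodedKeys.trim().split("\\s+"))
            if (!k.isEmpty()) pins.add(Base64.getDecoder().decode(k));
        if (pins.isEmpty()) throw new IllegalArgumentException("no pinned keys supplied");
    }

    /** True when the key's DER encoding equals one of the pins. */
    public boolean isPinned(PublicKey key) {
        for (byte[] pin : pins) if (MessageDigest.isEqual(pin, key.getEncoded())) return true;
        return false;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
        chain[0].checkValidity(); // this example's choice: still reject expired certificates
        if (!isPinned(chain[0].getPublicKey())) throw new CertificateException("server key is not pinned");
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        throw new CertificateException("this trust manager only validates servers");
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey pinned = gen.generateKeyPair().getPublic(); // constructed sample keys
        PublicKey other = gen.generateKeyPair().getPublic();
        String encoded = Base64.getEncoder().encodeToString(pinned.getEncoded());
        PinnedKeyTrustManager tm = new PinnedKeyTrustManager(encoded);
        System.out.println(tm.isPinned(pinned) + " " + tm.isPinned(other));
    }
}
```

A trust manager like this is installed with `SSLContext.init(null, new TrustManager[] { tm }, null)`, after which CA-signed certificates carrying any other key are rejected.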


Copyright © 2011 Jasig. All Rights Reserved.