org.jasig.portal.security.provider.saml
Interface SSLSecurityWrapper

All Known Implementing Classes:
SSLSecurityImpl

public interface SSLSecurityWrapper

This interface defines the methods needed to hold SSL security options such as the private key and client certificate. In the context of this project, different security options may be needed for the IdP and for the WSP.

Author:
arybicki

Method Summary
 org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
          Get an instance of SSL socket factory based on the supplied credentials.
 void setSSLClientKeystore(String ks, String pass)
          Set the credentials for client TLS certificate authentication.
 void setSSLClientPrivateKeyAndCert(String pkFile, String certFile)
          Set the credentials for client TLS certificate authentication.
 void setSSLServerPublicKeys(String encodedKeys)
          Set the public keys of server to trust.
 void setSSLTrustStore(String ks, String pass)
          Set the KeyStore of server certificates to trust.
 

Method Detail

setSSLClientPrivateKeyAndCert

void setSSLClientPrivateKeyAndCert(String pkFile,
                                   String certFile)
Set the credentials for client TLS certificate authentication. These files should be in PEM-encoded format.

Parameters:
pkFile - name of the file containing the private key
certFile - name of the file containing the certificate

setSSLClientKeystore

void setSSLClientKeystore(String ks,
                          String pass)
Set the credentials for client TLS certificate authentication.

Parameters:
ks - File name of a Java KeyStore containing the private key and certificate
pass - Password for the Java KeyStore

setSSLTrustStore

void setSSLTrustStore(String ks,
                      String pass)
Set the KeyStore of server certificates to trust. This overrides the default Java behavior, which is to trust all servers that present valid certificates signed by a trusted Certificate Authority (CA). The KeyStore set here may contain servers' self-signed certificates or certificates of local CA(s).

Parameters:
ks - Java KeyStore containing certificates to trust
pass - Password of the KeyStore

setSSLServerPublicKeys

void setSSLServerPublicKeys(String encodedKeys)
Set the public keys of the server to trust. This overrides the default Java behavior, which is to trust all servers that present valid certificates signed by a trusted Certificate Authority (CA). After this method is called, only servers that present X.509 certificates containing a matching public key will be trusted.

Parameters:
encodedKeys - Base64-encoded public key(s)
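
The public-key matching described for setSSLServerPublicKeys can be sketched as a JSSE trust manager. This is an added example, not this project's code or the SSLSecurityImpl implementation. Assumptions: the class name PinnedKeyTrustManager is hypothetical, encodedKeys is taken to be Base64 of each key's DER SubjectPublicKeyInfo separated by whitespace or commas, and Java 8+ is used for java.util.Base64.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/** Hypothetical example class: trusts a server only if its leaf certificate's key is pinned. */
public final class PinnedKeyTrustManager implements X509TrustManager {
    // Canonical Base64 of each pinned key's DER SubjectPublicKeyInfo encoding.
    private final Set<String> pins = new HashSet<>();

    /** Assumed input format: Base64 keys separated by whitespace or commas. */
    public PinnedKeyTrustManager(String encodedKeys) {
        for (String k : encodedKeys.trim().split("[\\s,]+")) {
            if (k.isEmpty()) continue;
            // Decode then re-encode so padding differences cannot cause a mismatch;
            // malformed Base64 throws IllegalArgumentException.
            pins.add(Base64.getEncoder().encodeToString(Base64.getDecoder().decode(k)));
        }
        if (pins.isEmpty()) // fail closed: an empty pin set must not mean "trust anything"
            throw new IllegalArgumentException("no pinned keys supplied");
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0)
            throw new CertificateException("server presented no certificate");
        chain[0].checkValidity(); // CA path validation is bypassed, so still reject expired certs
        String presented = Base64.getEncoder().encodeToString(chain[0].getPublicKey().getEncoded());
        if (!pins.contains(presented))
            throw new CertificateException("server public key is not pinned");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new CertificateException("client authentication is not handled here");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // no CAs are trusted; only the pinned keys
    }
}
```

Such a trust manager is installed by passing it to SSLContext.init(null, new TrustManager[] { ... }, null) and building the socket factory from that context. It checks only the key, so hostname verification remains the job of the socket factory or HTTP client.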

getSSLSocketFactory

org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
Get an instance of SSL socket factory based on the supplied credentials. Used to enforce the client certificate and server trust options set.

Returns:
An SSLSocketFactory suitable for use with Apache Commons HTTP Client


Copyright © 2011 Jasig. All Rights Reserved.