tigase.io

Class SSLContextContainer

java.lang.Object

tigase.io.SSLContextContainer

All Implemented Interfaces:

SSLContextContainerIfc

Direct Known Subclasses:

SNISSLContextContainer

public class SSLContextContainer
extends Object
implements SSLContextContainerIfc

Created: Oct 15, 2010 2:40:49 PM

Version:

$Rev$

Author:

Artur Hefczyc

Field Summary

Fields

Modifier and Type	Field and Description
protected String	def_cert_alias
protected Map<String,KeyManagerFactory>	kmfs
protected X509KeyManager[]	kms
static String	PER_DOMAIN_CERTIFICATE_KEY
protected Map<String,tigase.io.SSLContextContainer.SSLContextsHolder>	sslContexts

Fields inherited from interface tigase.io.SSLContextContainerIfc

ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL

Constructor Summary

Constructors

Constructor and Description
SSLContextContainer()

Method Summary

Modifier and Type	Method and Description
void	addCertificates(Map<String,String> params) Method addCertificates allows to add more certificates at run time after the container has bee already initialized.
static <T> T	find(Map<String,T> data, String key)
SSLContext	getSSLContext(String protocol, String hostname, boolean clientMode) Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
SSLContext	getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager... tms)
KeyStore	getTrustStore() Returns a trust store with all trusted certificates.
void	init(Map<String,Object> params) Method init method initializes the container.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PER_DOMAIN_CERTIFICATE_KEY

public static final String PER_DOMAIN_CERTIFICATE_KEY

See Also:

Constant Field Values

def_cert_alias

protected String def_cert_alias

kmfs

protected Map<String,KeyManagerFactory> kmfs

sslContexts

protected Map<String,tigase.io.SSLContextContainer.SSLContextsHolder> sslContexts

kms

protected X509KeyManager[] kms

Constructor Detail

SSLContextContainer

public SSLContextContainer()

Method Detail

addCertificates

public void addCertificates(Map<String,String> params)
                     throws CertificateParsingException

Description copied from interface: SSLContextContainerIfc

Method addCertificates allows to add more certificates at run time after the container has bee already initialized. This is to avoid server restart if there are certificates updates or new certificates for new virtual domain. The method should add new certificates or replace existing one if there is already a certificate for a domain.

Specified by:

addCertificates in interface SSLContextContainerIfc

Parameters:

params - a Map value with configuration parameters.

Throws:

CertificateParsingException

getSSLContext

public SSLContext getSSLContext(String protocol,
                                String hostname,
                                boolean clientMode)

Description copied from interface: SSLContextContainerIfc

Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.

Specified by:

getSSLContext in interface SSLContextContainerIfc

Parameters:

protocol - a String is either 'SSL' or 'TLS' value.

hostname - a String value keeps a hostname or domain for SSLContext.

Returns:

a SSLContext value

find

public static <T> T find(Map<String,T> data,
                         String key)

getSSLContext

public SSLContext getSSLContext(String protocol,
                                String hostname,
                                boolean clientMode,
                                TrustManager... tms)

Specified by:

getSSLContext in interface SSLContextContainerIfc

getTrustStore

public KeyStore getTrustStore()

Description copied from interface: SSLContextContainerIfc

Returns a trust store with all trusted certificates.

Specified by:

getTrustStore in interface SSLContextContainerIfc

Returns:

a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.

init

public void init(Map<String,Object> params)

Description copied from interface: SSLContextContainerIfc

Method init method initializes the container. If the container has been already initialized then it should clear all the data and re-initialize the container with the "fresh" data. If there is only one certificate loaded it is a default one as well. Otherwise the certificate from default.pem file should be used as a default one. Default certificate can be also set through the settings in the Map given as a parameter. DEFAULT_DOMAIN_CERT_KEY points to the domain which holds default certificate.

Specified by:

init in interface SSLContextContainerIfc

Parameters:

params - a Map value