public interface SSLContextContainerIfc
Modifier and Type | Field and Description |
---|---|
static String | ALLOW_INVALID_CERTS_KEY: Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying if invalid certificates are acceptable by the server. |
static String | ALLOW_INVALID_CERTS_VAL: Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server. |
static String | ALLOW_SELF_SIGNED_CERTS_KEY: Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server. |
static String | ALLOW_SELF_SIGNED_CERTS_VAL: Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server. |
static String | CERT_ALIAS_KEY: Field description |
static String | CERT_SAVE_TO_DISK_KEY: Field description |
static String | DEFAULT_DOMAIN_CERT_KEY: Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate. |
static String | DEFAULT_DOMAIN_CERT_VAL: Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate. |
static String | JKS_KEYSTORE_FILE_KEY: Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file. |
static String | JKS_KEYSTORE_FILE_VAL: Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file. |
static String | JKS_KEYSTORE_PWD_KEY: Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password. |
static String | JKS_KEYSTORE_PWD_VAL: Constant JKS_KEYSTORE_PWD_VAL is a default private key password. |
static String | PEM_CERTIFICATE_KEY: Field description |
static String | SERVER_CERTS_LOCATION_KEY: Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. |
static String | SERVER_CERTS_LOCATION_VAL: Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored. |
static String | SSL_CONTAINER_CLASS_KEY: Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. |
static String | SSL_CONTAINER_CLASS_VAL: Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file. |
static String | TRUSTED_CERTS_DIR_KEY: Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. |
static String | TRUSTED_CERTS_DIR_VAL: Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored. |
static String | TRUSTSTORE_FILE_KEY: Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file. |
static String | TRUSTSTORE_FILE_VAL: Constant TRUSTSTORE_FILE_VAL is a default truststore file. |
static String | TRUSTSTORE_PWD_KEY: Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password. |
static String | TRUSTSTORE_PWD_VAL: Constant TRUSTSTORE_PWD_VAL is a default password for truststore file. |

Modifier and Type | Method and Description |
---|---|
void | addCertificates(Map<String,String> params): Method addCertificates allows adding more certificates at run time after the container has already been initialized. |
SSLContext | getSSLContext(String protocol, String hostname, boolean clientMode): Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). |
SSLContext | getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager... tms) |
KeyStore | getTrustStore(): Returns a trust store with all trusted certificates. |
void | init(Map<String,Object> params): Method init initializes the container. |

static final String ALLOW_INVALID_CERTS_KEY
ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying if invalid certificates are acceptable by the server. Invalid certificates are expired ones or certificates issued for a different domain. This should really be set to false in any real deployment and can be set to true in a development environment.

static final String ALLOW_INVALID_CERTS_VAL
ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.

static final String ALLOW_SELF_SIGNED_CERTS_KEY
ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.

static final String ALLOW_SELF_SIGNED_CERTS_VAL
ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.

static final String CERT_ALIAS_KEY

static final String CERT_SAVE_TO_DISK_KEY

static final String DEFAULT_DOMAIN_CERT_KEY
DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.

static final String DEFAULT_DOMAIN_CERT_VAL
DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.

static final String JKS_KEYSTORE_FILE_KEY
JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.

static final String JKS_KEYSTORE_FILE_VAL
JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.

static final String JKS_KEYSTORE_PWD_KEY
JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.

static final String JKS_KEYSTORE_PWD_VAL
JKS_KEYSTORE_PWD_VAL is a default private key password.

static final String PEM_CERTIFICATE_KEY

static final String SERVER_CERTS_LOCATION_KEY
SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. This can be a comma separated list of directories, instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name, i.e.: yourdomain.com.pem. There is one exception though. The file named default.pem stores a certificate which is a default certificate for the server if the certificate for a specific domain is missing.

static final String SERVER_CERTS_LOCATION_VAL
SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.

static final String SSL_CONTAINER_CLASS_KEY
SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept a different set of parameters. Please refer to the implementation for more details.

static final String SSL_CONTAINER_CLASS_VAL
SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.

static final String TRUSTED_CERTS_DIR_KEY
TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma separated list of directories.

static final String TRUSTED_CERTS_DIR_VAL
TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.

static final String TRUSTSTORE_FILE_KEY
TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.

static final String TRUSTSTORE_FILE_VAL
TRUSTSTORE_FILE_VAL is a default truststore file.

static final String TRUSTSTORE_PWD_KEY
TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.

static final String TRUSTSTORE_PWD_VAL
TRUSTSTORE_PWD_VAL is a default password for truststore file.

void addCertificates(Map<String,String> params) throws CertificateParsingException
addCertificates allows adding more certificates at run time after the container has already been initialized. This is to avoid a server restart if there are certificate updates or new certificates for a new virtual domain. The method should add new certificates or replace an existing one if there is already a certificate for a domain.
Parameters: params - a Map value with configuration parameters.
Throws: CertificateParsingException

SSLContext getSSLContext(String protocol, String hostname, boolean clientMode)
getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then the default certificate should be used.
Parameters: protocol - a String, either the 'SSL' or 'TLS' value.
hostname - a String value that keeps a hostname or domain for the SSLContext.
Returns: SSLContext value

SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager... tms)
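
The lookup implied by the SERVER_CERTS_LOCATION_KEY file layout and the getSSLContext fallback rule, as an added example that is not Tigase's implementation: the class and method names are hypothetical, and the directory names in main are constructed sample input. The hostname check before a file name is built is an assumption added here so that a client-supplied name cannot point outside the configured certificate directories.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

/** Added illustration, not Tigase code; class and method names are hypothetical. */
public class CertFileResolver {
    // Assumption: only DNS-style labels are accepted, so '/', '\' and ".." never reach a path.
    private static final String LABEL = "[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?";
    private static final Pattern HOSTNAME = Pattern.compile(LABEL + "(\\." + LABEL + ")*");
    private final List<Path> dirs = new ArrayList<>();

    /** @param locations comma separated list of certificate directories */
    public CertFileResolver(String locations) {
        for (String dir : locations.split(",")) {
            if (!dir.trim().isEmpty()) {
                dirs.add(Paths.get(dir.trim()));
            }
        }
    }

    /** Returns hostname.pem from the first directory holding it, else default.pem, else empty. */
    public Optional<Path> resolve(String hostname) {
        String host = hostname == null ? "" : hostname.toLowerCase(Locale.ROOT);
        if (HOSTNAME.matcher(host).matches()) {
            Optional<Path> specific = find(host + ".pem");
            if (specific.isPresent()) {
                return specific;
            }
        }
        return find("default.pem"); // missing or malformed name: fall back to the default
    }

    private Optional<Path> find(String fileName) {
        for (Path dir : dirs) {
            Path candidate = dir.resolve(fileName);
            if (Files.isRegularFile(candidate)) {
                return Optional.of(candidate);
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        CertFileResolver resolver = new CertFileResolver("certs, extra-certs"); // constructed
        System.out.println(resolver.resolve("yourdomain.com").map(Path::toString).orElse("no certificate"));
    }
}
```
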
KeyStore getTrustStore()

void init(Map<String,Object> params)
The init method initializes the container. If the container has already been initialized then it should clear all the data and re-initialize the container with the "fresh" data. If there is only one certificate loaded it is a default one as well. Otherwise the certificate from the default.pem file should be used as the default one. The default certificate can also be set through the settings in the Map given as a parameter. DEFAULT_DOMAIN_CERT_KEY points to the domain which holds the default certificate.
Parameters: params - a Map value

Copyright © 2019 "Tigase, Inc.". All rights reserved.