Package tigase.io
Class SSLContextContainer
- java.lang.Object
  - tigase.io.SSLContextContainerAbstract
    - tigase.io.SSLContextContainer

- All Implemented Interfaces: SSLContextContainerIfc, Initializable, Lifecycle
- Direct Known Subclasses: SSLContextContainer.Root

@Bean(name="sslContextContainer", parent=ConnectionManager.class, active=true)
public class SSLContextContainer extends SSLContextContainerAbstract implements Initializable

Created: Oct 15, 2010 2:40:49 PM
- Author: Artur Hefczyc

Nested Class Summary
Nested Classes (Modifier and Type, Class):
- static class SSLContextContainer.HARDENED_MODE
- static class SSLContextContainer.HardenedModeVHostItemExtension
- static class SSLContextContainer.HardenedModeVHostItemExtensionProvider
- static class SSLContextContainer.Root

Nested classes/interfaces inherited from class tigase.io.SSLContextContainerAbstract
SSLContextContainerAbstract.SSLHolder

Field Summary
Fields (Modifier and Type, Field):
- protected EventBus eventBus
- protected java.util.Map<java.lang.String,SSLContextContainerAbstract.SSLHolder> sslContexts
- protected VHostManagerIfc vHostManager

Fields inherited from interface tigase.io.SSLContextContainerIfc
ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL

Constructor Summary
Constructors (Constructor, Description):
- SSLContextContainer()
  Constructor for bean only.
- SSLContextContainer(CertificateContainerIfc certContainer)
  Constructor used to create the root SSLContextContainer instance, which should cache only SSLContext instances where the array of TrustManagers is not set - common for all ConnectionManagers.
- SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent)
  Constructor used to create instances for every ConnectionManager, so that every connection manager can have different TrustManagers and the SSLContext instance will still be cached.

Method Summary
Methods (Modifier and Type, Method, Description):
- IOInterface createIoInterface(java.lang.String protocol, java.lang.String local_hostname, java.lang.String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer)
- java.lang.String[] getEnabledCiphers(java.lang.String domain)
- java.lang.String[] getEnabledProtocols(java.lang.String domain, boolean client)
- javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode, javax.net.ssl.TrustManager[] tms)
  Method getSSLContext creates and returns a new SSLContext for a given domain (hostname).
- java.security.KeyStore getTrustStore()
  Returns a trust store with all trusted certificates.
- void initialize()
  Method is called when the bean has been created, configured and is ready to use.
- void setEnabledCiphers(java.lang.String[] enabledCiphers)
- void setEnabledProtocols(java.lang.String[] enabledProtocols)
- void setEphemeralDHKeySize(int ephemeralDHKeySize)
- void setHardenedMode(SSLContextContainer.HARDENED_MODE hardenedMode)
- void setParent(SSLContextContainerIfc parent)
- void setTlsJdkNssBugWorkaround(boolean value)
- void start()
- void stop()

Methods inherited from class tigase.io.SSLContextContainerAbstract
addCertificates, createCertificate, createContextHolder, find, getDefCertAlias, getKeyManagers, getSSLContext, getTrustManagers

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface tigase.io.SSLContextContainerIfc
createIoInterface, getEnabledCiphers, getEnabledProtocols

Field Detail

sslContexts
protected java.util.Map<java.lang.String,SSLContextContainerAbstract.SSLHolder> sslContexts

vHostManager
@Inject(nullAllowed=true) protected VHostManagerIfc vHostManager

Constructor Detail

SSLContextContainer
public SSLContextContainer()
Constructor for bean only.

SSLContextContainer
public SSLContextContainer(CertificateContainerIfc certContainer)
Constructor used to create the root SSLContextContainer instance, which should cache only SSLContext instances where the array of TrustManagers is not set - common for all ConnectionManagers. This instance is kept by the TLSUtil class.

SSLContextContainer
public SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent)
Constructor used to create instances for every ConnectionManager, so that every connection manager can have different TrustManagers and the SSLContext instance will still be cached.

Method Detail

createIoInterface
public IOInterface createIoInterface(java.lang.String protocol, java.lang.String local_hostname, java.lang.String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer) throws java.io.IOException
- Specified by: createIoInterface in interface SSLContextContainerIfc
- Throws: java.io.IOException

getEnabledCiphers
public java.lang.String[] getEnabledCiphers(java.lang.String domain)
- Specified by: getEnabledCiphers in interface SSLContextContainerIfc

setEnabledCiphers
public void setEnabledCiphers(java.lang.String[] enabledCiphers)

getEnabledProtocols
public java.lang.String[] getEnabledProtocols(java.lang.String domain, boolean client)
- Specified by: getEnabledProtocols in interface SSLContextContainerIfc

setEnabledProtocols
public void setEnabledProtocols(java.lang.String[] enabledProtocols)

setEphemeralDHKeySize
public void setEphemeralDHKeySize(int ephemeralDHKeySize)

getSSLContext
public javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode, javax.net.ssl.TrustManager[] tms)
Description copied from interface: SSLContextContainerIfc
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). To create the SSLContext, the certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
- Specified by: getSSLContext in interface SSLContextContainerIfc
- Parameters:
  protocol - a String value, either 'SSL' or 'TLS'.
  hostname - a String value holding the hostname or domain for the SSLContext.
  clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate).
  tms - array of TrustManagers which should be used to validate the remote certificate.
- Returns: an SSLContext value

getTrustStore
public java.security.KeyStore getTrustStore()
Description copied from interface: SSLContextContainerIfc
Returns a trust store with all trusted certificates.
- Specified by: getTrustStore in interface SSLContextContainerIfc
- Overrides: getTrustStore in class SSLContextContainerAbstract
- Returns: a KeyStore with all trusted certificates; the KeyStore can be empty but cannot be null.

setHardenedMode
public void setHardenedMode(SSLContextContainer.HARDENED_MODE hardenedMode)

setParent
public void setParent(SSLContextContainerIfc parent)

setTlsJdkNssBugWorkaround
public void setTlsJdkNssBugWorkaround(boolean value)

initialize
public void initialize()
Description copied from interface: Initializable
Method is called when the bean has been created, configured and is ready to use.
- Specified by: initialize in interface Initializable