Package tigase.io
Interface SSLContextContainerIfc
All Superinterfaces: Lifecycle
All Known Implementing Classes: SSLContextContainer, SSLContextContainer.Root, SSLContextContainerAbstract
public interface SSLContextContainerIfc extends Lifecycle
Describe interface SSLContextContainerIfc here.
Created: Tue Nov 20 11:43:32 2007
Author: Artur Hefczyc
Field Summary
static java.lang.String ALLOW_INVALID_CERTS_KEY
Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying whether invalid certificates are accepted by the server.
static java.lang.String ALLOW_INVALID_CERTS_VAL
Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying whether invalid certificates are accepted by the server.
static java.lang.String ALLOW_SELF_SIGNED_CERTS_KEY
Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying whether self-signed certificates are acceptable for the server.
static java.lang.String ALLOW_SELF_SIGNED_CERTS_VAL
Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying whether self-signed certificates are allowed by the server.
static java.lang.String CERT_ALIAS_KEY
static java.lang.String CERT_SAVE_TO_DISK_KEY
static java.lang.String DEFAULT_DOMAIN_CERT_KEY
Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with the default certificate.
static java.lang.String DEFAULT_DOMAIN_CERT_VAL
Constant DEFAULT_DOMAIN_CERT_VAL keeps the default value for a domain with the default certificate.
static java.lang.String JKS_KEYSTORE_FILE_KEY
Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
static java.lang.String JKS_KEYSTORE_FILE_VAL
Constant JKS_KEYSTORE_FILE_VAL keeps the default value for a JKS keystore file.
static java.lang.String JKS_KEYSTORE_PWD_KEY
Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.
static java.lang.String JKS_KEYSTORE_PWD_VAL
Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
static java.lang.String PEM_CERTIFICATE_KEY
static java.lang.String SERVER_CERTS_LOCATION_KEY
Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored.
static java.lang.String SERVER_CERTS_LOCATION_VAL
Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
static java.lang.String SSL_CONTAINER_CLASS_KEY
Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class.
static java.lang.String SSL_CONTAINER_CLASS_VAL
Constant SSL_CONTAINER_CLASS_VAL keeps the default container implementation class loaded if none is specified in the configuration file.
static java.lang.String TRUSTED_CERTS_DIR_KEY
Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored.
static java.lang.String TRUSTED_CERTS_DIR_VAL
Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
static java.lang.String TRUSTSTORE_FILE_KEY
Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
static java.lang.String TRUSTSTORE_FILE_VAL
Constant TRUSTSTORE_FILE_VAL is a default truststore file.
static java.lang.String TRUSTSTORE_PWD_KEY
Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.
static java.lang.String TRUSTSTORE_PWD_VAL
Constant TRUSTSTORE_PWD_VAL is a default password for the truststore file.
-
Method Summary
void addCertificates(java.util.Map<java.lang.String,java.lang.String> params)
Method addCertificates allows adding more certificates at run time after the container has already been initialized.
default IOInterface createIoInterface(java.lang.String protocol, java.lang.String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer)
Deprecated.
IOInterface createIoInterface(java.lang.String protocol, java.lang.String local_hostname, java.lang.String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer)
default java.lang.String[] getEnabledCiphers()
Deprecated.
java.lang.String[] getEnabledCiphers(java.lang.String domain)
default java.lang.String[] getEnabledProtocols()
Deprecated.
java.lang.String[] getEnabledProtocols(java.lang.String domain, boolean client)
javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode)
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname).
javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode, javax.net.ssl.TrustManager[] tms)
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname).
java.security.KeyStore getTrustStore()
Returns a trust store with all trusted certificates.
-
-
-
Field Detail
-
ALLOW_INVALID_CERTS_KEY
static final java.lang.String ALLOW_INVALID_CERTS_KEY
Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying whether invalid certificates are accepted by the server. Invalid certificates are expired ones or certificates issued for a different domain. This really should be set to false in any real deployment and can be set to true in a development environment.
See Also: Constant Field Values
-
ALLOW_INVALID_CERTS_VAL
static final java.lang.String ALLOW_INVALID_CERTS_VAL
Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying whether invalid certificates are accepted by the server.
See Also: Constant Field Values
-
ALLOW_SELF_SIGNED_CERTS_KEY
static final java.lang.String ALLOW_SELF_SIGNED_CERTS_KEY
Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying whether self-signed certificates are acceptable for the server.
See Also: Constant Field Values
-
ALLOW_SELF_SIGNED_CERTS_VAL
static final java.lang.String ALLOW_SELF_SIGNED_CERTS_VAL
Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying whether self-signed certificates are allowed by the server.
See Also: Constant Field Values
-
CERT_ALIAS_KEY
static final java.lang.String CERT_ALIAS_KEY
See Also: Constant Field Values
-
CERT_SAVE_TO_DISK_KEY
static final java.lang.String CERT_SAVE_TO_DISK_KEY
See Also: Constant Field Values
-
DEFAULT_DOMAIN_CERT_KEY
static final java.lang.String DEFAULT_DOMAIN_CERT_KEY
Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with the default certificate.
See Also: Constant Field Values
-
DEFAULT_DOMAIN_CERT_VAL
static final java.lang.String DEFAULT_DOMAIN_CERT_VAL
Constant DEFAULT_DOMAIN_CERT_VAL keeps the default value for a domain with the default certificate.
See Also: Constant Field Values
-
JKS_KEYSTORE_FILE_KEY
static final java.lang.String JKS_KEYSTORE_FILE_KEY
Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
See Also: Constant Field Values
-
JKS_KEYSTORE_FILE_VAL
static final java.lang.String JKS_KEYSTORE_FILE_VAL
Constant JKS_KEYSTORE_FILE_VAL keeps the default value for a JKS keystore file.
-
JKS_KEYSTORE_PWD_KEY
static final java.lang.String JKS_KEYSTORE_PWD_KEY
Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.
See Also: Constant Field Values
-
JKS_KEYSTORE_PWD_VAL
static final java.lang.String JKS_KEYSTORE_PWD_VAL
Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
See Also: Constant Field Values
-
PEM_CERTIFICATE_KEY
static final java.lang.String PEM_CERTIFICATE_KEY
See Also: Constant Field Values
-
SERVER_CERTS_LOCATION_KEY
static final java.lang.String SERVER_CERTS_LOCATION_KEY
Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. This can be a comma-separated list of directories instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name, i.e. yourdomain.com.pem. There is one exception though: the file named default.pem stores a certificate which is the default certificate for the server if a certificate for a specific domain is missing.
See Also: Constant Field Values
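The file-naming rule described for SERVER_CERTS_LOCATION_KEY, as an added example that is not Tigase's own code: it resolves the PEM file for a domain across a comma-separated directory list and falls back to default.pem. The class and method names, the search order and the hostname check are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;

// Hypothetical helper, not Tigase code: resolves the PEM file for a domain using
// the naming rule documented for SERVER_CERTS_LOCATION_KEY.
public class CertFileLookup {

    // Assumption: only letter/digit/hyphen host names are accepted, so a hostname
    // taken from the network can never carry path separators or "..".
    static boolean isSafeDomain(String d) {
        return d != null && d.length() <= 253
            && d.matches("[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*");
    }

    // Assumption: directories are searched in the order listed, and a
    // domain-specific file in any directory wins over default.pem.
    static Optional<Path> resolve(String locations, String domain) {
        List<Path> dirs = new ArrayList<>();
        for (String s : locations.split(",")) {
            if (!s.trim().isEmpty()) dirs.add(Paths.get(s.trim()));
        }
        String name = domain == null ? "" : domain.toLowerCase(Locale.ROOT);
        if (isSafeDomain(name)) {
            for (Path dir : dirs) {
                Path p = dir.resolve(name + ".pem");
                if (Files.isRegularFile(p)) return Optional.of(p);
            }
        }
        // No usable domain-specific file: fall back to the default certificate.
        for (Path dir : dirs) {
            Path p = dir.resolve("default.pem");
            if (Files.isRegularFile(p)) return Optional.of(p);
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in temporary directories.
        Path a = Files.createTempDirectory("certsA");
        Path b = Files.createTempDirectory("certsB");
        Files.createFile(a.resolve("default.pem"));
        Files.createFile(b.resolve("yourdomain.com.pem"));
        String locations = a + ", " + b;
        System.out.println(resolve(locations, "yourdomain.com"));    // yourdomain.com.pem in certsB
        System.out.println(resolve(locations, "other.example"));     // default.pem in certsA
        System.out.println(resolve(locations, "../yourdomain.com")); // rejected name, default.pem
    }
}
```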
-
SERVER_CERTS_LOCATION_VAL
static final java.lang.String SERVER_CERTS_LOCATION_VAL
Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
See Also: Constant Field Values
-
SSL_CONTAINER_CLASS_KEY
static final java.lang.String SSL_CONTAINER_CLASS_KEY
Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept a different set of parameters. Please refer to the implementation for more details.
See Also: Constant Field Values
-
SSL_CONTAINER_CLASS_VAL
static final java.lang.String SSL_CONTAINER_CLASS_VAL
Constant SSL_CONTAINER_CLASS_VAL keeps the default container implementation class loaded if none is specified in the configuration file.
-
TRUSTED_CERTS_DIR_KEY
static final java.lang.String TRUSTED_CERTS_DIR_KEY
Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma-separated list of directories.
See Also: Constant Field Values
-
TRUSTED_CERTS_DIR_VAL
static final java.lang.String TRUSTED_CERTS_DIR_VAL
Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
See Also: Constant Field Values
-
TRUSTSTORE_FILE_KEY
static final java.lang.String TRUSTSTORE_FILE_KEY
Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
See Also: Constant Field Values
-
TRUSTSTORE_FILE_VAL
static final java.lang.String TRUSTSTORE_FILE_VAL
Constant TRUSTSTORE_FILE_VAL is a default truststore file.
-
TRUSTSTORE_PWD_KEY
static final java.lang.String TRUSTSTORE_PWD_KEY
Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.
See Also: Constant Field Values
-
TRUSTSTORE_PWD_VAL
static final java.lang.String TRUSTSTORE_PWD_VAL
Constant TRUSTSTORE_PWD_VAL is a default password for the truststore file.
See Also: Constant Field Values
-
-
Method Detail
-
addCertificates
void addCertificates(java.util.Map<java.lang.String,java.lang.String> params) throws java.security.cert.CertificateParsingException
Method addCertificates allows adding more certificates at run time after the container has already been initialized. This avoids a server restart when there are certificate updates or new certificates for a new virtual domain. The method should add new certificates or replace the existing one if there is already a certificate for a domain.
Parameters:
params - a Map value with configuration parameters.
Throws: java.security.cert.CertificateParsingException
-
createIoInterface
IOInterface createIoInterface(java.lang.String protocol, java.lang.String local_hostname, java.lang.String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws java.io.IOException
Throws: java.io.IOException
-
createIoInterface
@Deprecated default IOInterface createIoInterface(java.lang.String protocol, java.lang.String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws java.io.IOException
Deprecated.
Throws: java.io.IOException
-
getSSLContext
javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode)
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
Parameters:
protocol - a String which is either the 'SSL' or 'TLS' value.
hostname - a String value which keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
Returns: a SSLContext value
-
getSSLContext
javax.net.ssl.SSLContext getSSLContext(java.lang.String protocol, java.lang.String hostname, boolean clientMode, javax.net.ssl.TrustManager[] tms)
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
Parameters:
protocol - a String which is either the 'SSL' or 'TLS' value.
hostname - a String value which keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
tms - array of TrustManagers which should be used to validate the remote certificate
Returns: a SSLContext value
-
getTrustStore
java.security.KeyStore getTrustStore()
Returns a trust store with all trusted certificates.
Returns: a KeyStore with all trusted certificates; the KeyStore can be empty but cannot be null.
-
getEnabledCiphers
java.lang.String[] getEnabledCiphers(java.lang.String domain)
-
getEnabledProtocols
java.lang.String[] getEnabledProtocols(java.lang.String domain, boolean client)
-
getEnabledCiphers
@Deprecated default java.lang.String[] getEnabledCiphers()
Deprecated.
-
getEnabledProtocols
@Deprecated default java.lang.String[] getEnabledProtocols()
Deprecated.
-
-