Package tigase.io

Interface SSLContextContainerIfc

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String ALLOW_INVALID_CERTS_KEY
      Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameters specyfying if invalid certificates are acceptable by the server.
      static java.lang.String ALLOW_INVALID_CERTS_VAL
      Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.
      static java.lang.String ALLOW_SELF_SIGNED_CERTS_KEY
      Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.
      static java.lang.String ALLOW_SELF_SIGNED_CERTS_VAL
      Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.
      static java.lang.String CERT_ALIAS_KEY  
      static java.lang.String CERT_SAVE_TO_DISK_KEY  
      static java.lang.String DEFAULT_DOMAIN_CERT_KEY
      Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.
      static java.lang.String DEFAULT_DOMAIN_CERT_VAL
      Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.
      static java.lang.String JKS_KEYSTORE_FILE_KEY
      Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
      static java.lang.String JKS_KEYSTORE_FILE_VAL
      Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.
      static java.lang.String JKS_KEYSTORE_PWD_KEY
      Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password,
      static java.lang.String JKS_KEYSTORE_PWD_VAL
      Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
      static java.lang.String PEM_CERTIFICATE_KEY  
      static java.lang.String SERVER_CERTS_LOCATION_KEY
      Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored.
      static java.lang.String SERVER_CERTS_LOCATION_VAL
      Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
      static java.lang.String SSL_CONTAINER_CLASS_KEY
      Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class.
      static java.lang.String SSL_CONTAINER_CLASS_VAL
      Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.
      static java.lang.String TRUSTED_CERTS_DIR_KEY
      Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored.
      static java.lang.String TRUSTED_CERTS_DIR_VAL
      Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
      static java.lang.String TRUSTSTORE_FILE_KEY
      Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
      static java.lang.String TRUSTSTORE_FILE_VAL
      Constant TRUSTSTORE_FILE_VAL is a default truststore file.
      static java.lang.String TRUSTSTORE_PWD_KEY
      Constant TRUSTSTORE_PWD_KEY is a key pointing to a trustore file password.
      static java.lang.String TRUSTSTORE_PWD_VAL
      Constant TRUSTSTORE_PWD_VAL is a default password for truststore file.

    • Method Summary

      All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods 
      Modifier and Type Method Description
      void addCertificates​(java.util.Map<java.lang.String,​java.lang.String> params)
      Method addCertificates allows to add more certificates at run time after the container has bee already initialized.
      default IOInterface createIoInterface​(java.lang.String protocol, java.lang.String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer)
      Deprecated.
      IOInterface createIoInterface​(java.lang.String protocol, java.lang.String local_hostname, java.lang.String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, java.nio.ByteOrder byteOrder, javax.net.ssl.TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer)  
      default java.lang.String[] getEnabledCiphers()
      Deprecated.
      java.lang.String[] getEnabledCiphers​(java.lang.String domain)  
      default java.lang.String[] getEnabledProtocols()
      Deprecated.
      java.lang.String[] getEnabledProtocols​(java.lang.String domain, boolean client)  
      javax.net.ssl.SSLContext getSSLContext​(java.lang.String protocol, java.lang.String hostname, boolean clientMode)
      Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
      javax.net.ssl.SSLContext getSSLContext​(java.lang.String protocol, java.lang.String hostname, boolean clientMode, javax.net.ssl.TrustManager[] tms)
      Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
      java.security.KeyStore getTrustStore()
      Returns a trust store with all trusted certificates.

    • Field Detail

      • ALLOW_INVALID_CERTS_KEY

        static final java.lang.String ALLOW_INVALID_CERTS_KEY
        Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameters specyfying if invalid certificates are acceptable by the server. Invalid certificates are expired ones or certificates issued for a different domain. This should be really set to false in any real deployment and can be set ot true in development invironment.
        See Also:
        Constant Field Values

      • ALLOW_INVALID_CERTS_VAL

        static final java.lang.String ALLOW_INVALID_CERTS_VAL
        Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.
        See Also:
        Constant Field Values

      • ALLOW_SELF_SIGNED_CERTS_KEY

        static final java.lang.String ALLOW_SELF_SIGNED_CERTS_KEY
        Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.
        See Also:
        Constant Field Values

      • ALLOW_SELF_SIGNED_CERTS_VAL

        static final java.lang.String ALLOW_SELF_SIGNED_CERTS_VAL
        Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.
        See Also:
        Constant Field Values

      • CERT_SAVE_TO_DISK_KEY

        static final java.lang.String CERT_SAVE_TO_DISK_KEY
        See Also:
        Constant Field Values

      • DEFAULT_DOMAIN_CERT_KEY

        static final java.lang.String DEFAULT_DOMAIN_CERT_KEY
        Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.
        See Also:
        Constant Field Values

      • DEFAULT_DOMAIN_CERT_VAL

        static final java.lang.String DEFAULT_DOMAIN_CERT_VAL
        Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.
        See Also:
        Constant Field Values

      • JKS_KEYSTORE_FILE_KEY

        static final java.lang.String JKS_KEYSTORE_FILE_KEY
        Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
        See Also:
        Constant Field Values

      • JKS_KEYSTORE_FILE_VAL

        static final java.lang.String JKS_KEYSTORE_FILE_VAL
        Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.

      • JKS_KEYSTORE_PWD_KEY

        static final java.lang.String JKS_KEYSTORE_PWD_KEY
        Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password,
        See Also:
        Constant Field Values

      • JKS_KEYSTORE_PWD_VAL

        static final java.lang.String JKS_KEYSTORE_PWD_VAL
        Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
        See Also:
        Constant Field Values

      • SERVER_CERTS_LOCATION_KEY

        static final java.lang.String SERVER_CERTS_LOCATION_KEY
        Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. This can be a comma separated list of directories, instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name i.e.: yourdomain.com.pem. There is one exception though. The file named default.pem stores a certificate which is a default certificate for the server if certificate for specific domain is missing.
        See Also:
        Constant Field Values

      • SERVER_CERTS_LOCATION_VAL

        static final java.lang.String SERVER_CERTS_LOCATION_VAL
        Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
        See Also:
        Constant Field Values

      • SSL_CONTAINER_CLASS_KEY

        static final java.lang.String SSL_CONTAINER_CLASS_KEY
        Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept different parameters set. Please refer to the implementation for more details.
        See Also:
        Constant Field Values

      • SSL_CONTAINER_CLASS_VAL

        static final java.lang.String SSL_CONTAINER_CLASS_VAL
        Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.

      • TRUSTED_CERTS_DIR_KEY

        static final java.lang.String TRUSTED_CERTS_DIR_KEY
        Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma separated list of directories.
        See Also:
        Constant Field Values

      • TRUSTED_CERTS_DIR_VAL

        static final java.lang.String TRUSTED_CERTS_DIR_VAL
        Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
        See Also:
        Constant Field Values

      • TRUSTSTORE_FILE_KEY

        static final java.lang.String TRUSTSTORE_FILE_KEY
        Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
        See Also:
        Constant Field Values

      • TRUSTSTORE_FILE_VAL

        static final java.lang.String TRUSTSTORE_FILE_VAL
        Constant TRUSTSTORE_FILE_VAL is a default truststore file.

      • TRUSTSTORE_PWD_KEY

        static final java.lang.String TRUSTSTORE_PWD_KEY
        Constant TRUSTSTORE_PWD_KEY is a key pointing to a trustore file password.
        See Also:
        Constant Field Values

      • TRUSTSTORE_PWD_VAL

        static final java.lang.String TRUSTSTORE_PWD_VAL
        Constant TRUSTSTORE_PWD_VAL is a default password for truststore file.
        See Also:
        Constant Field Values

    • Method Detail

      • addCertificates

        void addCertificates​(java.util.Map<java.lang.String,​java.lang.String> params)
              throws java.security.cert.CertificateParsingException
        Method addCertificates allows to add more certificates at run time after the container has bee already initialized. This is to avoid server restart if there are certificates updates or new certificates for new virtual domain. The method should add new certificates or replace existing one if there is already a certificate for a domain.
        Parameters:
        params - a Map value with configuration parameters.
        Throws:
        java.security.cert.CertificateParsingException

      • createIoInterface

        IOInterface createIoInterface​(java.lang.String protocol,
                              java.lang.String local_hostname,
                              java.lang.String remote_hostname,
                              int port,
                              boolean clientMode,
                              boolean wantClientAuth,
                              boolean needClientAuth,
                              java.nio.ByteOrder byteOrder,
                              javax.net.ssl.TrustManager[] x509TrustManagers,
                              TLSEventHandler eventHandler,
                              IOInterface ioi,
                              CertificateContainerIfc certificateContainer)
                       throws java.io.IOException
        Throws:
        java.io.IOException

      • createIoInterface

        @Deprecated
default IOInterface createIoInterface​(java.lang.String protocol,
                                      java.lang.String tls_hostname,
                                      int port,
                                      boolean clientMode,
                                      boolean wantClientAuth,
                                      boolean needClientAuth,
                                      java.nio.ByteOrder byteOrder,
                                      javax.net.ssl.TrustManager[] x509TrustManagers,
                                      TLSEventHandler eventHandler,
                                      IOInterface ioi,
                                      CertificateContainerIfc certificateContainer)
                               throws java.io.IOException
        Deprecated.
        Throws:
        java.io.IOException

      • getSSLContext

        javax.net.ssl.SSLContext getSSLContext​(java.lang.String protocol,
                                       java.lang.String hostname,
                                       boolean clientMode)
        Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.
        Parameters:
        protocol - a String is either 'SSL' or 'TLS' value.
        hostname - a String value keeps a hostname or domain for SSLContext.
        clientMode - if set SSLContext will be created for client mode (ie. creation of server certificate will be skipped if there is no certificate)
        Returns:
        a SSLContext value

      • getSSLContext

        javax.net.ssl.SSLContext getSSLContext​(java.lang.String protocol,
                                       java.lang.String hostname,
                                       boolean clientMode,
                                       javax.net.ssl.TrustManager[] tms)
        Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.
        Parameters:
        protocol - a String is either 'SSL' or 'TLS' value.
        hostname - a String value keeps a hostname or domain for SSLContext.
        clientMode - if set SSLContext will be created for client mode (ie. creation of server certificate will be skipped if there is no certificate)
        tms - array of TrustManagers which should be used to validate remote certificate
        Returns:
        a SSLContext value

      • getTrustStore

        java.security.KeyStore getTrustStore()
        Returns a trust store with all trusted certificates.
        Returns:
        a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.

      • getEnabledCiphers

        java.lang.String[] getEnabledCiphers​(java.lang.String domain)

      • getEnabledProtocols

        java.lang.String[] getEnabledProtocols​(java.lang.String domain,
                                       boolean client)

      • getEnabledCiphers

        @Deprecated
default java.lang.String[] getEnabledCiphers()
        Deprecated.

      • getEnabledProtocols

        @Deprecated
default java.lang.String[] getEnabledProtocols()
        Deprecated.