Package tigase.io

Interface SSLContextContainerIfc

All Superinterfaces:
Lifecycle
All Known Implementing Classes:
SSLContextContainer, SSLContextContainer.Root, SSLContextContainerAbstract

public interface SSLContextContainerIfc extends Lifecycle
Describe interface SSLContextContainerIfc here.
Created: Tue Nov 20 11:43:32 2007
Author:
Artur Hefczyc
  • Field Details

    • ALLOW_INVALID_CERTS_KEY

      static final String ALLOW_INVALID_CERTS_KEY
      Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying if invalid certificates are acceptable by the server. Invalid certificates are expired ones or certificates issued for a different domain. This should really be set to false in any real deployment and can be set to true in a development environment.
    • ALLOW_INVALID_CERTS_VAL

      static final String ALLOW_INVALID_CERTS_VAL
      Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.
    • ALLOW_SELF_SIGNED_CERTS_KEY

      static final String ALLOW_SELF_SIGNED_CERTS_KEY
      Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.
    • ALLOW_SELF_SIGNED_CERTS_VAL

      static final String ALLOW_SELF_SIGNED_CERTS_VAL
      Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.
    • CERT_ALIAS_KEY

      static final String CERT_ALIAS_KEY
    • CERT_SAVE_TO_DISK_KEY

      static final String CERT_SAVE_TO_DISK_KEY
    • DEFAULT_DOMAIN_CERT_KEY

      static final String DEFAULT_DOMAIN_CERT_KEY
      Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.
    • DEFAULT_DOMAIN_CERT_VAL

      static final String DEFAULT_DOMAIN_CERT_VAL
      Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.
    • JKS_KEYSTORE_FILE_KEY

      static final String JKS_KEYSTORE_FILE_KEY
      Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
    • JKS_KEYSTORE_FILE_VAL

      static final String JKS_KEYSTORE_FILE_VAL
      Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.
    • JKS_KEYSTORE_PWD_KEY

      static final String JKS_KEYSTORE_PWD_KEY
      Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.
    • JKS_KEYSTORE_PWD_VAL

      static final String JKS_KEYSTORE_PWD_VAL
      Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
    • PEM_CERTIFICATE_KEY

      static final String PEM_CERTIFICATE_KEY
    • SERVER_CERTS_LOCATION_KEY

      static final String SERVER_CERTS_LOCATION_KEY
      Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with the directory names where all server certificates are stored. This can be a comma-separated list of directories instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name, e.g. yourdomain.com.pem. There is one exception though: the file named default.pem stores the certificate which is the default certificate for the server if a certificate for a specific domain is missing.
    • SERVER_CERTS_LOCATION_VAL

      static final String SERVER_CERTS_LOCATION_VAL
      Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
    • SSL_CONTAINER_CLASS_KEY

      static final String SSL_CONTAINER_CLASS_KEY
      Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept a different set of parameters. Please refer to the implementation for more details.
    • SSL_CONTAINER_CLASS_VAL

      static final String SSL_CONTAINER_CLASS_VAL
      Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.
    • TRUSTED_CERTS_DIR_KEY

      static final String TRUSTED_CERTS_DIR_KEY
      Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma separated list of directories.
    • TRUSTED_CERTS_DIR_VAL

      static final String TRUSTED_CERTS_DIR_VAL
      Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
    • TRUSTSTORE_FILE_KEY

      static final String TRUSTSTORE_FILE_KEY
      Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
    • TRUSTSTORE_FILE_VAL

      static final String TRUSTSTORE_FILE_VAL
      Constant TRUSTSTORE_FILE_VAL is a default truststore file.
    • TRUSTSTORE_PWD_KEY

      static final String TRUSTSTORE_PWD_KEY
      Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.
    • TRUSTSTORE_PWD_VAL

      static final String TRUSTSTORE_PWD_VAL
      Constant TRUSTSTORE_PWD_VAL is a default password for truststore file.
  • Method Details

    • addCertificates

      void addCertificates(Map<String,String> params) throws CertificateParsingException
      Method addCertificates allows adding more certificates at run time, after the container has already been initialized. This avoids a server restart when certificates are updated or a new certificate is needed for a new virtual domain. The method should add new certificates, or replace the existing one if there is already a certificate for a domain.
      Parameters:
      params - a Map value with configuration parameters.
      Throws:
      CertificateParsingException
    • createIoInterface

      IOInterface createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
      Throws:
      IOException
    • createIoInterface

      @Deprecated default IOInterface createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
      Deprecated.
      Throws:
      IOException
    • getSSLContext

      SSLContext getSSLContext(String protocol, String hostname, boolean clientMode)
      Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then the default certificate should be used.
      Parameters:
      protocol - a String value, either 'SSL' or 'TLS'.
      hostname - a String value with the hostname or domain for the SSLContext.
      clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
      Returns:
      an SSLContext value
    • getSSLContext

      SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms)
      Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then the default certificate should be used.
      Parameters:
      protocol - a String value, either 'SSL' or 'TLS'.
      hostname - a String value with the hostname or domain for the SSLContext.
      clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
      tms - array of TrustManagers which should be used to validate the remote certificate
      Returns:
      an SSLContext value
    • getTrustStore

      KeyStore getTrustStore()
      Returns a trust store with all trusted certificates.
      Returns:
      a KeyStore with all trusted certificates; the KeyStore can be empty but cannot be null.
    • getEnabledCiphers

      String[] getEnabledCiphers(String domain)
    • getEnabledProtocols

      String[] getEnabledProtocols(String domain, boolean client)
    • getEnabledCiphers

      @Deprecated default String[] getEnabledCiphers()
      Deprecated.
    • getEnabledProtocols

      @Deprecated default String[] getEnabledProtocols()
      Deprecated.
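
The certificate file layout described under SERVER_CERTS_LOCATION_KEY (comma-separated directories, `<domain>.pem` per domain, `default.pem` as fallback) can be illustrated with the following added example, which is not Tigase code. The class and method names, the search order across directories, and the domain-name check that keeps a hostname from escaping the certificate directory are assumptions of this sketch.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Optional;
import java.util.regex.Pattern;

/** Illustration only; not Tigase code. Class and method names are hypothetical. */
public class PemCertLocator {

    // Conservative hostname shape: dot-separated labels of letters, digits and hyphens.
    // Rejects '/', '\\' and ".." so a hostname cannot select a file outside the directories.
    private static final Pattern DOMAIN = Pattern.compile(
            "^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
            + "(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$");

    /** Looks for <domain>.pem in every directory first, then for default.pem (assumed order). */
    static Optional<Path> locate(String certDirs, String domain) {
        String name = domain.toLowerCase(Locale.ROOT);
        if (!DOMAIN.matcher(name).matches()) {
            throw new IllegalArgumentException("not a plain domain name: " + domain);
        }
        String[] dirs = certDirs.split(",");
        for (String file : new String[] {name + ".pem", "default.pem"}) {
            for (String dir : dirs) {
                Path candidate = Path.of(dir.trim()).resolve(file);
                if (Files.isRegularFile(candidate)) {
                    return Optional.of(candidate);
                }
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout: two temporary directories standing in for the configured list.
        Path a = Files.createTempDirectory("certs-a");
        Path b = Files.createTempDirectory("certs-b");
        Files.createFile(a.resolve("default.pem"));
        Files.createFile(b.resolve("example.com.pem"));
        String dirs = a + ", " + b;

        System.out.println(locate(dirs, "example.com"));   // domain-specific file in the second directory
        System.out.println(locate(dirs, "other.example")); // no specific file, falls back to default.pem
        try {
            locate(dirs, "../default");                    // path-like input is refused before any lookup
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```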