@Bean(name="sslContextContainer", parent=ConnectionManager.class, active=true)
public class SSLContextContainer extends SSLContextContainerAbstract
Modifier and Type | Class and Description |
---|---|
static class | SSLContextContainer.Root |
SSLContextContainerAbstract.SSLHolder
Modifier and Type | Field and Description |
---|---|
protected EventBus | eventBus |
protected Map<String,SSLContextContainerAbstract.SSLHolder> | sslContexts |
ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL
Constructor and Description |
---|
SSLContextContainer() Constructor for bean only |
SSLContextContainer(CertificateContainerIfc certContainer) Constructor used to create root SSLContextContainer instance which should cache only SSLContext instances where array of TrustManagers is not set - common for all ConnectionManagers. |
SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent) Constructor used to create instances for every ConnectionManager so that every connection manager can have different TrustManagers and SSLContext instance will still be cached. |
Modifier and Type | Method and Description |
---|---|
IOInterface | createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer) |
String[] | getEnabledCiphers() |
String[] | getEnabledProtocols() |
SSLContext | getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms) Method getSSLContext creates and returns new SSLContext for a given domain (hostname). |
KeyStore | getTrustStore() Returns a trust store with all trusted certificates. |
void | setEnabledCiphers(String[] enabledCiphers) |
void | setEnabledProtocols(String[] enabledProtocols) |
void | setHardenedMode(boolean hardenedMode) |
void | setParent(SSLContextContainerIfc parent) |
void | setTlsJdkNssBugWorkaround(boolean value) |
void | start() |
void | stop() |
addCertificates, createCertificate, createContextHolder, find, getDefCertAlias, getKeyManagers, getSSLContext, getTrustManagers
protected Map<String,SSLContextContainerAbstract.SSLHolder> sslContexts
public SSLContextContainer()
public SSLContextContainer(CertificateContainerIfc certContainer)
certContainer -
public SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent)
certContainer -
parent -
public IOInterface createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer) throws IOException
IOException
public String[] getEnabledCiphers()
public void setEnabledCiphers(String[] enabledCiphers)
public String[] getEnabledProtocols()
public void setEnabledProtocols(String[] enabledProtocols)
public SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms)
SSLContextContainerIfc
getSSLContext creates and returns a new SSLContext for a given domain (hostname). To create the SSLContext, the certificate associated with this domain (hostname) should be used. If there is no specific certificate for the given domain, the default certificate should be used.
protocol - a String, either 'SSL' or 'TLS'.
hostname - a String holding the hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate).
tms - array of TrustManagers which should be used to validate the remote certificate.
SSLContext value
public KeyStore getTrustStore()
SSLContextContainerIfc
getTrustStore in interface SSLContextContainerIfc
getTrustStore in class SSLContextContainerAbstract
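The lookup and caching behaviour described for getSSLContext and for the root and per-ConnectionManager constructors, as an added example that is not Tigase's implementation. It uses only JDK classes; the class name DomainSslContexts, the keystore layout with one key entry per domain, and the "default" alias are assumptions.

```java
import javax.net.ssl.*;
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// Added illustration, not Tigase code: JDK-only per-domain SSLContext cache with default fallback.
public class DomainSslContexts {
    private final KeyStore keys;           // assumed layout: one key entry per domain alias
    private final char[] pwd;
    private final String defaultAlias;     // hypothetical alias of the fallback certificate
    private final DomainSslContexts root;  // shared cache; null when this instance is the root
    private final Map<String, SSLContext> cache = new ConcurrentHashMap<>();
    public DomainSslContexts(KeyStore keys, char[] pwd, String defaultAlias, DomainSslContexts root) {
        this.keys = keys; this.pwd = pwd; this.defaultAlias = defaultAlias; this.root = root;
    }

    public SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms) throws Exception {
        // No custom TrustManagers: the context is identical for every caller, so share the root cache.
        if (tms == null && root != null) return root.getSSLContext(protocol, hostname, clientMode, null);
        String host = hostname == null ? null : hostname.toLowerCase(Locale.ROOT);
        // Domain-specific certificate first, then the default one.
        String alias = host != null && keys.isKeyEntry(host) ? host : keys.isKeyEntry(defaultAlias) ? defaultAlias : null;
        if (alias == null && !clientMode) throw new KeyStoreException("no certificate for " + hostname);
        SSLContext ctx = cache.get(protocol + '|' + alias);
        if (ctx == null) {
            KeyStore single = KeyStore.getInstance(KeyStore.getDefaultType());
            single.load(null, null);       // stays empty for a client without a certificate
            if (alias != null) single.setKeyEntry(alias, keys.getKey(alias, pwd), pwd, keys.getCertificateChain(alias));
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(single, pwd);
            ctx = SSLContext.getInstance(protocol);
            ctx.init(kmf.getKeyManagers(), tms, new SecureRandom()); // null tms: JDK default trust store
            cache.put(protocol + '|' + alias, ctx);
        }
        return ctx;
    }
    public static void main(String[] args) throws Exception {
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType()); // constructed sample: no certificates
        empty.load(null, null);
        char[] pw = "changeit".toCharArray();
        DomainSslContexts root = new DomainSslContexts(empty, pw, "default", null);
        DomainSslContexts c2s = new DomainSslContexts(empty, pw, "default", root);
        DomainSslContexts s2s = new DomainSslContexts(empty, pw, "default", root);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        TrustManager[] tms = tmf.getTrustManagers();
        System.out.println(c2s.getSSLContext("TLS", "example.com", true, null) == s2s.getSSLContext("TLS", "example.com", true, null));
        System.out.println(c2s.getSSLContext("TLS", "example.com", true, tms) == s2s.getSSLContext("TLS", "example.com", true, tms));
    }
}
```

Run as is, it prints true and then false: contexts requested without TrustManagers come from the shared root cache, while each child caches its own context once TrustManagers are supplied. The sketch assumes each child is always called with the same TrustManagers, which is why they are not part of the cache key.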
public void setHardenedMode(boolean hardenedMode)
public void setParent(SSLContextContainerIfc parent)
public void setTlsJdkNssBugWorkaround(boolean value)
public void start()
public void stop()
Copyright © 2004–2019 "Tigase, Inc.". All rights reserved.