public interface SSLContextContainerIfc extends Lifecycle
Modifier and Type | Field and Description |
---|---|
static String | ALLOW_INVALID_CERTS_KEY: Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying if invalid certificates are acceptable by the server. |
static String | ALLOW_INVALID_CERTS_VAL: Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server. |
static String | ALLOW_SELF_SIGNED_CERTS_KEY: Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server. |
static String | ALLOW_SELF_SIGNED_CERTS_VAL: Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server. |
static String | CERT_ALIAS_KEY |
static String | CERT_SAVE_TO_DISK_KEY |
static String | DEFAULT_DOMAIN_CERT_KEY: Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate. |
static String | DEFAULT_DOMAIN_CERT_VAL: Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate. |
static String | JKS_KEYSTORE_FILE_KEY: Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file. |
static String | JKS_KEYSTORE_FILE_VAL: Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file. |
static String | JKS_KEYSTORE_PWD_KEY: Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password. |
static String | JKS_KEYSTORE_PWD_VAL: Constant JKS_KEYSTORE_PWD_VAL is a default private key password. |
static String | PEM_CERTIFICATE_KEY |
static String | SERVER_CERTS_LOCATION_KEY: Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. |
static String | SERVER_CERTS_LOCATION_VAL: Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored. |
static String | SSL_CONTAINER_CLASS_KEY: Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. |
static String | SSL_CONTAINER_CLASS_VAL: Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file. |
static String | TRUSTED_CERTS_DIR_KEY: Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. |
static String | TRUSTED_CERTS_DIR_VAL: Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored. |
static String | TRUSTSTORE_FILE_KEY: Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file. |
static String | TRUSTSTORE_FILE_VAL: Constant TRUSTSTORE_FILE_VAL is a default truststore file. |
static String | TRUSTSTORE_PWD_KEY: Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password. |
static String | TRUSTSTORE_PWD_VAL: Constant TRUSTSTORE_PWD_VAL is a default password for truststore file. |

Modifier and Type | Method and Description |
---|---|
void | addCertificates(Map<String,String> params): Method addCertificates allows adding more certificates at run time after the container has already been initialized. |
default IOInterface | createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer): Deprecated. |
IOInterface | createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) |
default String[] | getEnabledCiphers(): Deprecated. |
String[] | getEnabledCiphers(String domain) |
default String[] | getEnabledProtocols(): Deprecated. |
String[] | getEnabledProtocols(String domain, boolean client) |
SSLContext | getSSLContext(String protocol, String hostname, boolean clientMode): Method getSSLContext creates and returns new SSLContext for a given domain (hostname). |
SSLContext | getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms): Method getSSLContext creates and returns new SSLContext for a given domain (hostname). |
KeyStore | getTrustStore(): Returns a trust store with all trusted certificates. |

static final String ALLOW_INVALID_CERTS_KEY
ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying if invalid certificates are acceptable by the server. Invalid certificates are expired ones or certificates issued for a different domain. This should really be set to false in any real deployment and can be set to true in a development environment.

static final String ALLOW_INVALID_CERTS_VAL
ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.

static final String ALLOW_SELF_SIGNED_CERTS_KEY
ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.

static final String ALLOW_SELF_SIGNED_CERTS_VAL
ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.

static final String CERT_ALIAS_KEY

static final String CERT_SAVE_TO_DISK_KEY

static final String DEFAULT_DOMAIN_CERT_KEY
DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.

static final String DEFAULT_DOMAIN_CERT_VAL
DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.

static final String JKS_KEYSTORE_FILE_KEY
JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.

static final String JKS_KEYSTORE_FILE_VAL
JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.

static final String JKS_KEYSTORE_PWD_KEY
JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.

static final String JKS_KEYSTORE_PWD_VAL
JKS_KEYSTORE_PWD_VAL is a default private key password.

static final String PEM_CERTIFICATE_KEY

static final String SERVER_CERTS_LOCATION_KEY
SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. This can be a comma-separated list of directories instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name, e.g. yourdomain.com.pem. There is one exception though: the file named default.pem stores a certificate which is the default certificate for the server if a certificate for a specific domain is missing.

static final String SERVER_CERTS_LOCATION_VAL
SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.

static final String SSL_CONTAINER_CLASS_KEY
SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept a different set of parameters. Please refer to the implementation for more details.

static final String SSL_CONTAINER_CLASS_VAL
SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.

static final String TRUSTED_CERTS_DIR_KEY
TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma-separated list of directories.

static final String TRUSTED_CERTS_DIR_VAL
TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.

static final String TRUSTSTORE_FILE_KEY
TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.

static final String TRUSTSTORE_FILE_VAL
TRUSTSTORE_FILE_VAL is a default truststore file.

static final String TRUSTSTORE_PWD_KEY
TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.

static final String TRUSTSTORE_PWD_VAL
TRUSTSTORE_PWD_VAL is a default password for truststore file.

void addCertificates(Map<String,String> params) throws CertificateParsingException
addCertificates allows adding more certificates at run time after the container has already been initialized. This avoids a server restart if there are certificate updates or new certificates for a new virtual domain. The method should add new certificates or replace the existing one if there is already a certificate for a domain.
Parameters:
params - a Map value with configuration parameters.
Throws:
CertificateParsingException

IOInterface createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
Throws:
IOException

@Deprecated default IOInterface createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
Throws:
IOException

SSLContext getSSLContext(String protocol, String hostname, boolean clientMode)
getSSLContext creates and returns a new SSLContext for a given domain (hostname). To create the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
Parameters:
protocol - a String that is either 'SSL' or 'TLS'.
hostname - a String value that keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
Returns:
SSLContext value

SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms)
getSSLContext creates and returns a new SSLContext for a given domain (hostname). To create the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
Parameters:
protocol - a String that is either 'SSL' or 'TLS'.
hostname - a String value that keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
tms - array of TrustManagers which should be used to validate the remote certificate
Returns:
SSLContext value

KeyStore getTrustStore()

@Deprecated default String[] getEnabledCiphers()
@Deprecated default String[] getEnabledProtocols()
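
The certificate lookup described for the server certificate location parameter and for getSSLContext (a domain-named *.pem file, otherwise default.pem), as an added example that is not Tigase code. CertFileResolver, resolve and find are hypothetical names, and the hostname validation is an added assumption that keeps a remotely supplied name from shaping the file path.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
import java.util.regex.Pattern;

// Added illustration, not Tigase code: class and method names are hypothetical.
public class CertFileResolver {
    // Accept only DNS-style labels so a hostname (for example one taken from SNI)
    // cannot carry path separators or ".." into the file name.
    private static final Pattern HOSTNAME = Pattern.compile(
        "(?i)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*");

    private final List<Path> dirs = new ArrayList<>();

    // 'location' is a comma-separated list of directories, as the page describes.
    public CertFileResolver(String location) {
        for (String d : location.split(",")) {
            if (!d.trim().isEmpty()) {
                dirs.add(Paths.get(d.trim()).toAbsolutePath().normalize());
            }
        }
    }

    // Returns <hostname>.pem from the first directory that has it, else default.pem, else empty.
    public Optional<Path> resolve(String hostname) {
        if (hostname != null && HOSTNAME.matcher(hostname).matches()) {
            Optional<Path> exact = find(hostname.toLowerCase(Locale.ROOT) + ".pem");
            if (exact.isPresent()) return exact;
        }
        return find("default.pem");
    }

    private Optional<Path> find(String fileName) {
        for (Path dir : dirs) {
            Path candidate = dir.resolve(fileName).normalize();
            // Second guard: the resolved path must still sit inside the configured directory.
            if (candidate.startsWith(dir) && Files.isRegularFile(candidate)) return Optional.of(candidate);
        }
        return Optional.empty();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in temp directories; contents are placeholders, not real PEM data.
        Path a = Files.createTempDirectory("certs-a"), b = Files.createTempDirectory("certs-b");
        Files.write(a.resolve("default.pem"), "placeholder".getBytes());
        Files.write(b.resolve("yourdomain.com.pem"), "placeholder".getBytes());
        CertFileResolver r = new CertFileResolver(a + ", " + b);
        // Three lookups: a domain with its own file, a domain without one, a name that fails validation.
        for (String h : new String[] {"yourdomain.com", "other.example", "../other/key"}) {
            System.out.println(h + " -> " + r.resolve(h).orElse(null));
        }
    }
}
```

A name that fails validation is served the default certificate rather than an error, matching the fallback rule for a domain without its own certificate.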
Copyright © 2004–2021 "Tigase, Inc.". All rights reserved.