Package tigase.io
Interface SSLContextContainerIfc
- All Superinterfaces:
Lifecycle
- All Known Implementing Classes:
SSLContextContainer, SSLContextContainer.Root, SSLContextContainerAbstract
Describe interface SSLContextContainerIfc here.
Created: Tue Nov 20 11:43:32 2007
- Author:
- Artur Hefczyc
-
Field Summary
Fields (Modifier and Type, Field, Description)
- static final String ALLOW_INVALID_CERTS_KEY: Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying whether invalid certificates are acceptable by the server.
- static final String ALLOW_INVALID_CERTS_VAL: Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.
- static final String ALLOW_SELF_SIGNED_CERTS_KEY: Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.
- static final String ALLOW_SELF_SIGNED_CERTS_VAL: Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.
- static final String CERT_ALIAS_KEY
- static final String CERT_SAVE_TO_DISK_KEY
- static final String DEFAULT_DOMAIN_CERT_KEY: Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.
- static final String DEFAULT_DOMAIN_CERT_VAL: Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.
- static final String JKS_KEYSTORE_FILE_KEY: Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
- static final String JKS_KEYSTORE_FILE_VAL: Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.
- static final String JKS_KEYSTORE_PWD_KEY: Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.
- static final String JKS_KEYSTORE_PWD_VAL: Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
- static final String PEM_CERTIFICATE_KEY
- static final String SERVER_CERTS_LOCATION_KEY: Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored.
- static final String SERVER_CERTS_LOCATION_VAL: Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
- static final String SSL_CONTAINER_CLASS_KEY: Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class.
- static final String SSL_CONTAINER_CLASS_VAL: Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.
- static final String TRUSTED_CERTS_DIR_KEY: Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored.
- static final String TRUSTED_CERTS_DIR_VAL: Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
- static final String TRUSTSTORE_FILE_KEY: Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
- static final String TRUSTSTORE_FILE_VAL: Constant TRUSTSTORE_FILE_VAL is a default truststore file.
- static final String TRUSTSTORE_PWD_KEY: Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.
- static final String TRUSTSTORE_PWD_VAL: Constant TRUSTSTORE_PWD_VAL is a default password for truststore file.
-
Method Summary
Methods (Modifier and Type, Method, Description)
- void addCertificates(Map<String, String> params): Method addCertificates allows adding more certificates at run time after the container has already been initialized.
- default IOInterface createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer): Deprecated.
- IOInterface createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer)
- default String[] getEnabledCiphers: Deprecated.
- String[] getEnabledCiphers(String domain)
- default String[] getEnabledProtocols: Deprecated.
- String[] getEnabledProtocols(String domain, boolean client)
- SSLContext getSSLContext(String protocol, String hostname, boolean clientMode): Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
- SSLContext getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms): Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
- KeyStore getTrustStore(): Returns a trust store with all trusted certificates.
-
Field Details
-
ALLOW_INVALID_CERTS_KEY
Constant ALLOW_INVALID_CERTS_KEY is a key pointing to a configuration parameter specifying whether invalid certificates are acceptable by the server. Invalid certificates are expired ones or certificates issued for a different domain. This should really be set to false in any real deployment and can be set to true in a development environment.
-
ALLOW_INVALID_CERTS_VAL
Constant ALLOW_INVALID_CERTS_VAL is a default configuration parameter specifying if invalid certificates are acceptable by the server.
-
ALLOW_SELF_SIGNED_CERTS_KEY
Constant ALLOW_SELF_SIGNED_CERTS_KEY is a key pointing to a configuration parameter specifying if self-signed certificates are acceptable for the server.
-
ALLOW_SELF_SIGNED_CERTS_VAL
Constant ALLOW_SELF_SIGNED_CERTS_VAL is a default configuration value specifying if self-signed certificates are allowed by the server.
-
CERT_ALIAS_KEY
-
CERT_SAVE_TO_DISK_KEY
-
DEFAULT_DOMAIN_CERT_KEY
Constant DEFAULT_DOMAIN_CERT_KEY is a key pointing to the domain with default certificate.
-
DEFAULT_DOMAIN_CERT_VAL
Constant DEFAULT_DOMAIN_CERT_VAL keeps default value for a domain with default certificate.
-
JKS_KEYSTORE_FILE_KEY
Constant JKS_KEYSTORE_FILE_KEY is a key pointing to a JKS keystore file.
-
JKS_KEYSTORE_FILE_VAL
Constant JKS_KEYSTORE_FILE_VAL keeps default value for a JKS keystore file.
-
JKS_KEYSTORE_PWD_KEY
Constant JKS_KEYSTORE_PWD_KEY is a key pointing to a private key password.
-
JKS_KEYSTORE_PWD_VAL
Constant JKS_KEYSTORE_PWD_VAL is a default private key password.
-
PEM_CERTIFICATE_KEY
-
SERVER_CERTS_LOCATION_KEY
Constant SERVER_CERTS_DIR_KEY is a key pointing to a configuration parameter with directory names where all server certificates are stored. This can be a comma separated list of directories, instead of a single directory name. Certificates are stored in *.pem files where the first part of the file name is a domain name, i.e.: yourdomain.com.pem. There is one exception though. The file named default.pem stores a certificate which is a default certificate for the server if certificate for specific domain is missing.
-
SERVER_CERTS_LOCATION_VAL
Constant SERVER_CERTS_DIR_VAL is a default directory name where all certificate files are stored.
-
SSL_CONTAINER_CLASS_KEY
Constant SSL_CONTAINER_CLASS_KEY is a key pointing to a container implementation class. The class is loaded at startup time and initialized using configuration parameters. Some container implementations may accept a different set of parameters. Please refer to the implementation for more details.
-
SSL_CONTAINER_CLASS_VAL
Constant SSL_CONTAINER_CLASS_VAL keeps default container implementation class loaded if none is specified in configuration file.
-
TRUSTED_CERTS_DIR_KEY
Constant TRUSTED_CERTS_DIR_KEY is a key pointing to a configuration parameter where all trusted certificates are stored. This can be a comma separated list of directories.
-
TRUSTED_CERTS_DIR_VAL
Constant TRUSTED_CERTS_DIR_VAL is a default directory name where all trusted certificates are stored.
-
TRUSTSTORE_FILE_KEY
Constant TRUSTSTORE_FILE_KEY is a key pointing to a trust store file.
-
TRUSTSTORE_FILE_VAL
Constant TRUSTSTORE_FILE_VAL is a default truststore file.
-
TRUSTSTORE_PWD_KEY
Constant TRUSTSTORE_PWD_KEY is a key pointing to a truststore file password.
-
TRUSTSTORE_PWD_VAL
Constant TRUSTSTORE_PWD_VAL is a default password for truststore file.
-
-
Method Details
-
addCertificates
Method addCertificates allows adding more certificates at run time after the container has already been initialized. This is to avoid a server restart if there are certificate updates or new certificates for a new virtual domain. The method should add new certificates or replace the existing one if there is already a certificate for a domain.
- Parameters:
params - a Map value with configuration parameters.
- Throws:
CertificateParsingException
-
createIoInterface
IOInterface createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
- Throws:
IOException
-
createIoInterface
@Deprecated default IOInterface createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface ioi, CertificateContainerIfc certificateContainer) throws IOException
Deprecated.
- Throws:
IOException
-
getSSLContext
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
- Parameters:
protocol - a String, either 'SSL' or 'TLS'.
hostname - a String value that keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
- Returns:
- an SSLContext value
-
getSSLContext
Method getSSLContext creates and returns a new SSLContext for a given domain (hostname). For creation of the SSLContext, a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain, then the default certificate should be used.
- Parameters:
protocol - a String, either 'SSL' or 'TLS'.
hostname - a String value that keeps a hostname or domain for the SSLContext.
clientMode - if set, the SSLContext will be created for client mode (i.e. creation of a server certificate will be skipped if there is no certificate)
tms - array of TrustManagers which should be used to validate the remote certificate
- Returns:
- an SSLContext value
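The lookup described for the server certificate directories and for getSSLContext (a file named after the domain first, default.pem as the fallback), as an added example that is not Tigase code. The class and method names are hypothetical; the rule that a domain file in any listed directory wins over default.pem, and the hostname check that keeps a network-supplied name from being used as a path, are assumptions of this example.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;

// Added illustration; names are hypothetical, not part of tigase.io.
public class PemLookupExample {
    // Reject anything that is not a plain DNS name, so a hostname received
    // from a peer can never contain path separators or "..".
    static boolean isSafeHostname(String host) {
        String label = "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?";
        return host != null && host.length() <= 253
            && host.matches(label + "(\\." + label + ")*");
    }

    // certDirs is a comma separated list of directories.
    static Optional<Path> resolvePem(String certDirs, String hostname) {
        if (!isSafeHostname(hostname)) return Optional.empty();
        List<Path> dirs = new ArrayList<>();
        for (String d : certDirs.split(",")) {
            if (!d.isBlank()) dirs.add(Paths.get(d.trim()));
        }
        // Domain-specific file first, then the default certificate.
        String domainFile = hostname.toLowerCase(Locale.ROOT) + ".pem";
        for (String name : List.of(domainFile, "default.pem")) {
            for (Path dir : dirs) {
                Path p = dir.resolve(name);
                if (Files.isRegularFile(p)) return Optional.of(p);
            }
        }
        return Optional.empty();
    }

    // Assumes the certificate is the first PEM block in the file.
    static X509Certificate loadAndCheck(Path pem) throws Exception {
        try (InputStream in = Files.newInputStream(pem)) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            cert.checkValidity(); // throws if expired or not yet valid
            return cert;
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("certs"); // constructed sample layout
        Files.writeString(dir.resolve("default.pem"), "placeholder");
        Files.writeString(dir.resolve("yourdomain.com.pem"), "placeholder");
        System.out.println(resolvePem(dir + ",/nonexistent", "yourdomain.com"));
        System.out.println(resolvePem(dir.toString(), "other.example")); // default.pem
        System.out.println(resolvePem(dir.toString(), "../../etc/passwd")); // empty
    }
}
```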
-
getTrustStore
KeyStore getTrustStore()
Returns a trust store with all trusted certificates.
- Returns:
- a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.
-
getEnabledCiphers
-
getEnabledProtocols
-
getEnabledCiphers
Deprecated.
-
getEnabledProtocols
Deprecated.
-