org.apache.commons.ssl
Class SSL
java.lang.Object
org.apache.commons.ssl.SSL
- public class SSL
- extends java.lang.Object
Not thread-safe: an instance must not be shared across threads without external synchronization. In particular, do not change its configuration (the set*/add*/clear* methods) from one thread while another thread is creating sockets from it — configure it fully first, then treat it as read-only.
- Since:
- May 1, 2006
- Author:
- Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com
|
Constructor Summary |
SSL()
|
|
Method Summary |
void |
addAllowedName(java.lang.String allowedName)
|
void |
addAllowedNames(java.util.Collection allowedNames)
Offers a secure way to use virtual-hosting and SSL in some situations:
for example you want to connect to "bar.com" but you know in advance
that the SSL Certificate on that server only contains "CN=foo.com". |
void |
addTrustMaterial(TrustChain trustChain)
|
void |
clearAllowedNames()
|
java.net.ServerSocket |
createServerSocket()
|
java.net.ServerSocket |
createServerSocket(int port,
int backlog,
java.net.InetAddress localHost)
Creates a new SSL server socket bound to localHost (null == any interface),
listening on port with the given accept() backlog. |
javax.net.ssl.SSLSocket |
createSocket()
|
java.net.Socket |
createSocket(java.net.Socket s,
java.lang.String remoteHost,
int remotePort,
boolean autoClose)
|
java.net.Socket |
createSocket(java.lang.String remoteHost,
int remotePort,
java.net.InetAddress localHost,
int localPort,
int timeout)
Attempts to get a new socket connection to the given host within the
given time limit. |
void |
doPostConnectSocketStuff(javax.net.ssl.SSLSocket s,
java.lang.String host)
|
void |
doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
|
void |
doPreConnectSocketStuff(javax.net.ssl.SSLSocket s)
|
java.util.List |
getAllowedNames()
|
java.security.cert.X509Certificate[] |
getAssociatedCertificateChain()
|
boolean |
getCheckCRL()
|
boolean |
getCheckExpiry()
|
boolean |
getCheckHostname()
|
int |
getConnectTimeout()
|
java.security.cert.X509Certificate[] |
getCurrentClientChain()
|
java.security.cert.X509Certificate[] |
getCurrentServerChain()
|
java.lang.String[] |
getDefaultCipherSuites()
|
java.lang.String |
getDefaultProtocol()
|
java.lang.String[] |
getEnabledCiphers()
|
java.lang.String[] |
getEnabledProtocols()
|
HostnameVerifier |
getHostnameVerifier()
|
boolean |
getNeedClientAuth()
|
int |
getSoTimeout()
|
javax.net.ssl.SSLContext |
getSSLContext()
|
java.lang.Object |
getSSLContextAsObject()
|
javax.net.ssl.SSLServerSocketFactory |
getSSLServerSocketFactory()
|
javax.net.ssl.SSLSocketFactory |
getSSLSocketFactory()
|
SSLWrapperFactory |
getSSLWrapperFactory()
|
java.lang.String[] |
getSupportedCipherSuites()
|
TrustChain |
getTrustChain()
|
boolean |
getUseClientMode()
|
boolean |
getUseClientModeDefault()
|
boolean |
getWantClientAuth()
|
static void |
main(java.lang.String[] args)
|
void |
setCheckCRL(boolean checkCRL)
|
void |
setCheckExpiry(boolean checkExpiry)
|
void |
setCheckHostname(boolean checkHostname)
|
void |
setConnectTimeout(int connectTimeout)
|
void |
setCurrentClientChain(java.security.cert.X509Certificate[] chain)
|
void |
setCurrentServerChain(java.security.cert.X509Certificate[] chain)
|
void |
setDefaultProtocol(java.lang.String protocol)
|
void |
setEnabledCiphers(java.lang.String[] ciphers)
|
void |
setEnabledProtocols(java.lang.String[] protocols)
|
void |
setHostnameVerifier(HostnameVerifier verifier)
|
void |
setKeyMaterial(KeyMaterial keyMaterial)
|
void |
setNeedClientAuth(boolean needClientAuth)
|
void |
setSoTimeout(int soTimeout)
|
void |
setSSLWrapperFactory(SSLWrapperFactory wf)
|
void |
setTrustMaterial(TrustChain trustChain)
|
void |
setUseClientMode(boolean useClientMode)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
void |
useDefaultJavaCiphers()
|
void |
useStrongCiphers()
|
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
KNOWN_PROTOCOLS_SET
public static final java.util.SortedSet KNOWN_PROTOCOLS_SET
SUPPORTED_CIPHERS_SET
public static final java.util.SortedSet SUPPORTED_CIPHERS_SET
SSL_RSA_WITH_RC4_128_SHA
public static final java.lang.String SSL_RSA_WITH_RC4_128_SHA
Caveat: RC4 cipher suites are prohibited for TLS by RFC 7465; do not enable this suite in new deployments.
- See Also:
- Constant Field Values
SSL_RSA_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_RSA_WITH_3DES_EDE_CBC_SHA
Caveat: the three 3DES_EDE_CBC suites below use a 64-bit block cipher and are no longer considered strong; prefer the AES suites.
- See Also:
- Constant Field Values
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
usingSystemProperties
protected final boolean usingSystemProperties
SSL
public SSL()
throws java.security.GeneralSecurityException,
java.io.IOException
getSSLContext
public javax.net.ssl.SSLContext getSSLContext()
throws java.security.GeneralSecurityException,
java.io.IOException
- Throws:
java.security.GeneralSecurityException
java.io.IOException
getSSLContextAsObject
public java.lang.Object getSSLContextAsObject()
throws java.security.GeneralSecurityException,
java.io.IOException
- Returns:
- com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending
on the JSSE implementation we're using.
- Throws:
java.security.GeneralSecurityException - problem creating SSLContext
java.io.IOException - problem creating SSLContext
addTrustMaterial
public void addTrustMaterial(TrustChain trustChain)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
setTrustMaterial
public void setTrustMaterial(TrustChain trustChain)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
setKeyMaterial
public void setKeyMaterial(KeyMaterial keyMaterial)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
getAssociatedCertificateChain
public java.security.cert.X509Certificate[] getAssociatedCertificateChain()
getEnabledCiphers
public java.lang.String[] getEnabledCiphers()
useDefaultJavaCiphers
public void useDefaultJavaCiphers()
useStrongCiphers
public void useStrongCiphers()
Note: this page does not list which suites this method enables. Verify the outcome with getEnabledCiphers() after calling it, since the suite constants defined on this class include RC4 and 3DES suites that would not be considered strong today.
setEnabledCiphers
public void setEnabledCiphers(java.lang.String[] ciphers)
getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
setEnabledProtocols
public void setEnabledProtocols(java.lang.String[] protocols)
getDefaultProtocol
public java.lang.String getDefaultProtocol()
setDefaultProtocol
public void setDefaultProtocol(java.lang.String protocol)
getCheckHostname
public boolean getCheckHostname()
getAllowedNames
public java.util.List getAllowedNames()
- Returns:
- List of alternate "allowed names" to try against a
server's X.509 CN field if the host/IP we used didn't match.
Returns an empty list if there are no "allowedNames" currently
set.
addAllowedNames
public void addAllowedNames(java.util.Collection allowedNames)
- Offers a secure way to use virtual-hosting and SSL in some situations:
for example you want to connect to "bar.com" but you know in advance
that the SSL certificate on that server only contains "CN=foo.com". If
you add "foo.com" to the allowed names on your SSLClient in advance,
you can connect securely while still using "bar.com" as the host.
Note that allowed names are a whitelist of certificate identities
accepted in place of the connected host name: any trusted certificate
issued for an allowed name is accepted, regardless of the host you
intended to reach. Add only names you genuinely expect.
Here's a code example using "cucbc.com" to connect, but anticipating
"www.cucbc.com" in the server's certificate:
SSLClient client = new SSLClient();
client.addAllowedName( "www.cucbc.com" );
Socket s = client.createSocket( "cucbc.com", 443 );
This technique is also useful if you don't want to use DNS, and want to
connect using the IP address.
- Parameters:
allowedNames - Collection of alternate "allowed names" to try against
a server's X.509 CN field if the host/IP we used didn't
match. An empty allowed-names list (the default) means
strict matching against the host/IP passed into
createSocket(); use clearAllowedNames() to return to that
state. Must be set in advance, before createSocket() is
called.
addAllowedName
public void addAllowedName(java.lang.String allowedName)
clearAllowedNames
public void clearAllowedNames()
setCheckHostname
public void setCheckHostname(boolean checkHostname)
Caveat (undocumented here; presumably toggles hostname verification of the server certificate): with the check disabled, a trusted certificate issued for any name is accepted for any host. Where the expected certificate name is known in advance, keep the check on and use addAllowedName()/addAllowedNames() instead.
setHostnameVerifier
public void setHostnameVerifier(HostnameVerifier verifier)
getHostnameVerifier
public HostnameVerifier getHostnameVerifier()
getCheckCRL
public boolean getCheckCRL()
setCheckCRL
public void setCheckCRL(boolean checkCRL)
getCheckExpiry
public boolean getCheckExpiry()
setCheckExpiry
public void setCheckExpiry(boolean checkExpiry)
setSoTimeout
public void setSoTimeout(int soTimeout)
getSoTimeout
public int getSoTimeout()
setConnectTimeout
public void setConnectTimeout(int connectTimeout)
setUseClientMode
public void setUseClientMode(boolean useClientMode)
getUseClientModeDefault
public boolean getUseClientModeDefault()
getUseClientMode
public boolean getUseClientMode()
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
getWantClientAuth
public boolean getWantClientAuth()
getNeedClientAuth
public boolean getNeedClientAuth()
getSSLWrapperFactory
public SSLWrapperFactory getSSLWrapperFactory()
setSSLWrapperFactory
public void setSSLWrapperFactory(SSLWrapperFactory wf)
doPreConnectSocketStuff
public void doPreConnectSocketStuff(javax.net.ssl.SSLSocket s)
throws java.io.IOException
- Throws:
java.io.IOException
doPostConnectSocketStuff
public void doPostConnectSocketStuff(javax.net.ssl.SSLSocket s,
java.lang.String host)
throws java.io.IOException
- Throws:
java.io.IOException
createSocket
public javax.net.ssl.SSLSocket createSocket()
throws java.io.IOException
- Throws:
java.io.IOException
createSocket
public java.net.Socket createSocket(java.lang.String remoteHost,
int remotePort,
java.net.InetAddress localHost,
int localPort,
int timeout)
throws java.io.IOException
- Attempts to get a new socket connection to the given host within the
given time limit.
- Parameters:
remoteHost - the host name/IP
remotePort - the port on the host
localHost - the local host name/IP to bind the socket to
localPort - the port on the local machine
timeout - the connection timeout (0 == infinite)
- Returns:
- Socket a new socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be
determined
createSocket
public java.net.Socket createSocket(java.net.Socket s,
java.lang.String remoteHost,
int remotePort,
boolean autoClose)
throws java.io.IOException
- Throws:
java.io.IOException
createServerSocket
public java.net.ServerSocket createServerSocket()
throws java.io.IOException
- Throws:
java.io.IOException
createServerSocket
public java.net.ServerSocket createServerSocket(int port,
int backlog,
java.net.InetAddress localHost)
throws java.io.IOException
- Creates a new SSL server socket bound to localHost (null == any interface),
listening on port with the given accept() backlog.
- Parameters:
localHost - the local host name/IP to bind against (null == ANY)
port - the port to listen on
backlog - number of connections allowed to queue up for accept().
- Returns:
- SSLServerSocket a new server socket
- Throws:
java.io.IOException - if an I/O error occurs while creating the socket
doPreConnectServerSocketStuff
public void doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
throws java.io.IOException
- Throws:
java.io.IOException
getSSLSocketFactory
public javax.net.ssl.SSLSocketFactory getSSLSocketFactory()
getSSLServerSocketFactory
public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory()
getConnectTimeout
public int getConnectTimeout()
getDefaultCipherSuites
public java.lang.String[] getDefaultCipherSuites()
getSupportedCipherSuites
public java.lang.String[] getSupportedCipherSuites()
getTrustChain
public TrustChain getTrustChain()
setCurrentServerChain
public void setCurrentServerChain(java.security.cert.X509Certificate[] chain)
setCurrentClientChain
public void setCurrentClientChain(java.security.cert.X509Certificate[] chain)
getCurrentServerChain
public java.security.cert.X509Certificate[] getCurrentServerChain()
getCurrentClientChain
public java.security.cert.X509Certificate[] getCurrentClientChain()
main
public static void main(java.lang.String[] args)