org.apache.commons.ssl
Class SSL
java.lang.Object
org.apache.commons.ssl.SSL
public class SSL
- extends Object
Not thread-safe. (But who would ever share this thing across multiple
threads???)
- Since:
- May 1, 2006
- Author:
- Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com
Constructor Summary |
SSL()
|
Method Summary |
private static void |
addCipher(List l,
String c,
boolean printOnStandardOut)
|
void |
addTrustMaterial(TrustChain trustChain)
|
ServerSocket |
createServerSocket()
|
ServerSocket |
createServerSocket(int port,
int backlog,
InetAddress localHost)
Creates a new SSL server socket bound to the given local address and port,
with the given accept() backlog. |
Socket |
createSocket()
|
Socket |
createSocket(Socket s,
String remoteHost,
int remotePort,
boolean autoClose)
|
Socket |
createSocket(String remoteHost,
int remotePort,
InetAddress localHost,
int localPort,
int timeout)
Attempts to get a new socket connection to the given host within the
given time limit. |
private void |
dirty()
|
private void |
dirtyAndReloadIfYoung()
|
(package private) String |
dnsOverride(String host)
|
void |
doPostConnectSocketStuff(Socket s,
String host)
|
void |
doPreConnectServerSocketStuff(SSLServerSocket s)
|
void |
doPreConnectSocketStuff(Socket s)
|
X509Certificate[] |
getAssociatedCertificateChain()
|
boolean |
getCheckCRL()
|
boolean |
getCheckExpiry()
|
boolean |
getCheckHostname()
|
int |
getConnectTimeout()
|
X509Certificate[] |
getCurrentClientChain()
|
X509Certificate[] |
getCurrentServerChain()
|
String[] |
getDefaultCipherSuites()
|
String |
getDefaultProtocol()
|
String[] |
getEnabledCiphers()
|
String[] |
getEnabledProtocols()
|
HostnameVerifier |
getHostnameVerifier()
|
boolean |
getNeedClientAuth()
|
int |
getSoTimeout()
|
SSLContext |
getSSLContext()
|
Object |
getSSLContextAsObject()
|
SSLServerSocketFactory |
getSSLServerSocketFactory()
|
SSLSocketFactory |
getSSLSocketFactory()
|
SSLWrapperFactory |
getSSLWrapperFactory()
|
String[] |
getSupportedCipherSuites()
|
TrustChain |
getTrustChain()
|
boolean |
getUseClientMode()
|
boolean |
getUseClientModeDefault()
|
boolean |
getWantClientAuth()
|
private void |
init()
|
private void |
initThrowRuntime()
|
boolean |
isSecure()
|
static void |
main(String[] args)
|
void |
setCheckCRL(boolean checkCRL)
|
void |
setCheckExpiry(boolean checkExpiry)
|
void |
setCheckHostname(boolean checkHostname)
|
void |
setConnectTimeout(int connectTimeout)
|
void |
setCurrentClientChain(X509Certificate[] chain)
|
void |
setCurrentServerChain(X509Certificate[] chain)
|
void |
setDefaultProtocol(String protocol)
|
void |
setDnsOverride(Map m)
|
void |
setEnabledCiphers(String[] ciphers)
|
void |
setEnabledProtocols(String[] protocols)
|
void |
setHostnameVerifier(HostnameVerifier verifier)
|
void |
setIsSecure(boolean b)
|
void |
setKeyMaterial(KeyMaterial keyMaterial)
|
void |
setNeedClientAuth(boolean needClientAuth)
|
void |
setSoTimeout(int soTimeout)
|
void |
setSSLWrapperFactory(SSLWrapperFactory wf)
|
void |
setTrustMaterial(TrustChain trustChain)
|
void |
setUseClientMode(boolean useClientMode)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
void |
useDefaultJavaCiphers()
|
void |
useStrongCiphers()
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
KNOWN_PROTOCOLS
private static final String[] KNOWN_PROTOCOLS
SUPPORTED_CIPHERS
private static final String[] SUPPORTED_CIPHERS
KNOWN_PROTOCOLS_SET
public static final SortedSet KNOWN_PROTOCOLS_SET
SUPPORTED_CIPHERS_SET
public static final SortedSet SUPPORTED_CIPHERS_SET
SSL_RSA_WITH_RC4_128_SHA
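public static final String SSL_RSA_WITH_RC4_128_SHA
- Note: RC4 cipher suites are prohibited in TLS by RFC 7465; review any enabled-cipher list that includes this suite.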
- See Also:
- Constant Field Values
SSL_RSA_WITH_3DES_EDE_CBC_SHA
public static final String SSL_RSA_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_128_CBC_SHA
public static final String TLS_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_256_CBC_SHA
public static final String TLS_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
sslContext
private Object sslContext
initCount
private int initCount
socketFactory
private SSLSocketFactory socketFactory
serverSocketFactory
private SSLServerSocketFactory serverSocketFactory
hostnameVerifier
private HostnameVerifier hostnameVerifier
isSecure
private boolean isSecure
checkHostname
private boolean checkHostname
checkCRL
private boolean checkCRL
checkExpiry
private boolean checkExpiry
useClientMode
private boolean useClientMode
useClientModeDefault
private boolean useClientModeDefault
soTimeout
private int soTimeout
connectTimeout
private int connectTimeout
trustChain
private TrustChain trustChain
keyMaterial
private KeyMaterial keyMaterial
enabledCiphers
private String[] enabledCiphers
enabledProtocols
private String[] enabledProtocols
defaultProtocol
private String defaultProtocol
currentServerChain
private X509Certificate[] currentServerChain
currentClientChain
private X509Certificate[] currentClientChain
wantClientAuth
private boolean wantClientAuth
needClientAuth
private boolean needClientAuth
sslWrapperFactory
private SSLWrapperFactory sslWrapperFactory
dnsOverride
private Map dnsOverride
usingSystemProperties
protected final boolean usingSystemProperties
SSL
public SSL()
throws GeneralSecurityException,
IOException
- Throws:
GeneralSecurityException
IOException
dirty
private void dirty()
dirtyAndReloadIfYoung
private void dirtyAndReloadIfYoung()
throws NoSuchAlgorithmException,
KeyStoreException,
KeyManagementException,
IOException,
CertificateException
- Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException
dnsOverride
String dnsOverride(String host)
setDnsOverride
public void setDnsOverride(Map m)
setIsSecure
public void setIsSecure(boolean b)
isSecure
public boolean isSecure()
getSSLContext
public SSLContext getSSLContext()
throws GeneralSecurityException,
IOException
- Throws:
GeneralSecurityException
IOException
getSSLContextAsObject
public Object getSSLContextAsObject()
throws GeneralSecurityException,
IOException
- Returns:
- com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending
on the JSSE implementation we're using.
- Throws:
GeneralSecurityException
- problem creating SSLContext
IOException
- problem creating SSLContext
addTrustMaterial
public void addTrustMaterial(TrustChain trustChain)
throws NoSuchAlgorithmException,
KeyStoreException,
KeyManagementException,
IOException,
CertificateException
- Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException
setTrustMaterial
public void setTrustMaterial(TrustChain trustChain)
throws NoSuchAlgorithmException,
KeyStoreException,
KeyManagementException,
IOException,
CertificateException
- Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException
setKeyMaterial
public void setKeyMaterial(KeyMaterial keyMaterial)
throws NoSuchAlgorithmException,
KeyStoreException,
KeyManagementException,
IOException,
CertificateException
- Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException
getAssociatedCertificateChain
public X509Certificate[] getAssociatedCertificateChain()
getEnabledCiphers
public String[] getEnabledCiphers()
useDefaultJavaCiphers
public void useDefaultJavaCiphers()
useStrongCiphers
public void useStrongCiphers()
setEnabledCiphers
public void setEnabledCiphers(String[] ciphers)
getEnabledProtocols
public String[] getEnabledProtocols()
setEnabledProtocols
public void setEnabledProtocols(String[] protocols)
getDefaultProtocol
public String getDefaultProtocol()
setDefaultProtocol
public void setDefaultProtocol(String protocol)
getCheckHostname
public boolean getCheckHostname()
setCheckHostname
public void setCheckHostname(boolean checkHostname)
setHostnameVerifier
public void setHostnameVerifier(HostnameVerifier verifier)
getHostnameVerifier
public HostnameVerifier getHostnameVerifier()
getCheckCRL
public boolean getCheckCRL()
setCheckCRL
public void setCheckCRL(boolean checkCRL)
getCheckExpiry
public boolean getCheckExpiry()
setCheckExpiry
public void setCheckExpiry(boolean checkExpiry)
setSoTimeout
public void setSoTimeout(int soTimeout)
getSoTimeout
public int getSoTimeout()
setConnectTimeout
public void setConnectTimeout(int connectTimeout)
setUseClientMode
public void setUseClientMode(boolean useClientMode)
getUseClientModeDefault
public boolean getUseClientModeDefault()
getUseClientMode
public boolean getUseClientMode()
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
getWantClientAuth
public boolean getWantClientAuth()
getNeedClientAuth
public boolean getNeedClientAuth()
getSSLWrapperFactory
public SSLWrapperFactory getSSLWrapperFactory()
setSSLWrapperFactory
public void setSSLWrapperFactory(SSLWrapperFactory wf)
initThrowRuntime
private void initThrowRuntime()
init
private void init()
throws NoSuchAlgorithmException,
KeyStoreException,
KeyManagementException,
IOException,
CertificateException
- Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException
doPreConnectSocketStuff
public void doPreConnectSocketStuff(Socket s)
throws IOException
- Throws:
IOException
doPostConnectSocketStuff
public void doPostConnectSocketStuff(Socket s,
String host)
throws IOException
- Throws:
IOException
createSocket
public Socket createSocket()
throws IOException
- Throws:
IOException
createSocket
public Socket createSocket(String remoteHost,
int remotePort,
InetAddress localHost,
int localPort,
int timeout)
throws IOException
- Attempts to get a new socket connection to the given host within the
given time limit.
- Parameters:
remoteHost - the host name/IP
remotePort - the port on the host
localHost - the local host name/IP to bind the socket to
localPort - the port on the local machine
timeout - the connection timeout (0==infinite)
- Returns:
- Socket a new socket
- Throws:
IOException
- if an I/O error occurs while creating the socket
UnknownHostException
- if the IP address of the host cannot be
determined
createSocket
public Socket createSocket(Socket s,
String remoteHost,
int remotePort,
boolean autoClose)
throws IOException
- Throws:
IOException
createServerSocket
public ServerSocket createServerSocket()
throws IOException
- Throws:
IOException
createServerSocket
public ServerSocket createServerSocket(int port,
int backlog,
InetAddress localHost)
throws IOException
- Creates a new SSL server socket bound to the given local address and port,
with the given accept() backlog.
- Parameters:
localHost - the local host name/IP to bind against (null == ANY)
port - the port to listen on
backlog - number of connections allowed to queue up for accept().
- Returns:
- SSLServerSocket a new server socket
- Throws:
IOException
- if an I/O error occurs while creating the socket
doPreConnectServerSocketStuff
public void doPreConnectServerSocketStuff(SSLServerSocket s)
throws IOException
- Throws:
IOException
getSSLSocketFactory
public SSLSocketFactory getSSLSocketFactory()
getSSLServerSocketFactory
public SSLServerSocketFactory getSSLServerSocketFactory()
getConnectTimeout
public int getConnectTimeout()
getDefaultCipherSuites
public String[] getDefaultCipherSuites()
getSupportedCipherSuites
public String[] getSupportedCipherSuites()
getTrustChain
public TrustChain getTrustChain()
setCurrentServerChain
public void setCurrentServerChain(X509Certificate[] chain)
setCurrentClientChain
public void setCurrentClientChain(X509Certificate[] chain)
getCurrentServerChain
public X509Certificate[] getCurrentServerChain()
getCurrentClientChain
public X509Certificate[] getCurrentClientChain()
main
public static void main(String[] args)
addCipher
private static void addCipher(List l,
String c,
boolean printOnStandardOut)