org.apache.commons.ssl
Class SSL

java.lang.Object
  extended by org.apache.commons.ssl.SSL

public class SSL
extends Object

Not thread-safe. (But who would ever share this thing across multiple threads???)

Since:
May 1, 2006
Author:
Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Field Summary
private  boolean checkCRL
           
private  boolean checkExpiry
           
private  boolean checkHostname
           
private  int connectTimeout
           
private  X509Certificate[] currentClientChain
           
private  X509Certificate[] currentServerChain
           
private  String defaultProtocol
           
private  Map dnsOverride
           
private  String[] enabledCiphers
           
private  String[] enabledProtocols
           
private  HostnameVerifier hostnameVerifier
           
private  int initCount
           
private  boolean isSecure
           
private  KeyMaterial keyMaterial
           
private static String[] KNOWN_PROTOCOLS
           
static SortedSet KNOWN_PROTOCOLS_SET
           
private  boolean needClientAuth
           
private  SSLServerSocketFactory serverSocketFactory
           
private  SSLSocketFactory socketFactory
           
private  int soTimeout
           
static String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
           
static String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
           
static String SSL_RSA_WITH_3DES_EDE_CBC_SHA
           
static String SSL_RSA_WITH_RC4_128_SHA
           
private  Object sslContext
           
private  SSLWrapperFactory sslWrapperFactory
           
private static String[] SUPPORTED_CIPHERS
           
static SortedSet SUPPORTED_CIPHERS_SET
           
static String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
           
static String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
           
static String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
           
static String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
           
static String TLS_RSA_WITH_AES_128_CBC_SHA
           
static String TLS_RSA_WITH_AES_256_CBC_SHA
           
private  TrustChain trustChain
           
private  boolean useClientMode
           
private  boolean useClientModeDefault
           
protected  boolean usingSystemProperties
           
private  boolean wantClientAuth
           
 
Constructor Summary
SSL()
           
 
Method Summary
private static void addCipher(List l, String c, boolean printOnStandardOut)
           
 void addTrustMaterial(TrustChain trustChain)
           
 ServerSocket createServerSocket()
           
 ServerSocket createServerSocket(int port, int backlog, InetAddress localHost)
          Attempts to create a new server socket listening on the given port.
 Socket createSocket()
           
 Socket createSocket(Socket s, String remoteHost, int remotePort, boolean autoClose)
           
 Socket createSocket(String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout)
          Attempts to get a new socket connection to the given host within the given time limit.
private  void dirty()
           
private  void dirtyAndReloadIfYoung()
           
(package private)  String dnsOverride(String host)
           
 void doPostConnectSocketStuff(Socket s, String host)
           
 void doPreConnectServerSocketStuff(SSLServerSocket s)
           
 void doPreConnectSocketStuff(Socket s)
           
 X509Certificate[] getAssociatedCertificateChain()
           
 boolean getCheckCRL()
           
 boolean getCheckExpiry()
           
 boolean getCheckHostname()
           
 int getConnectTimeout()
           
 X509Certificate[] getCurrentClientChain()
           
 X509Certificate[] getCurrentServerChain()
           
 String[] getDefaultCipherSuites()
           
 String getDefaultProtocol()
           
 String[] getEnabledCiphers()
           
 String[] getEnabledProtocols()
           
 HostnameVerifier getHostnameVerifier()
           
 boolean getNeedClientAuth()
           
 int getSoTimeout()
           
 SSLContext getSSLContext()
           
 Object getSSLContextAsObject()
           
 SSLServerSocketFactory getSSLServerSocketFactory()
           
 SSLSocketFactory getSSLSocketFactory()
           
 SSLWrapperFactory getSSLWrapperFactory()
           
 String[] getSupportedCipherSuites()
           
 TrustChain getTrustChain()
           
 boolean getUseClientMode()
           
 boolean getUseClientModeDefault()
           
 boolean getWantClientAuth()
           
private  void init()
           
private  void initThrowRuntime()
           
 boolean isSecure()
           
static void main(String[] args)
           
 void setCheckCRL(boolean checkCRL)
           
 void setCheckExpiry(boolean checkExpiry)
           
 void setCheckHostname(boolean checkHostname)
           
 void setConnectTimeout(int connectTimeout)
           
 void setCurrentClientChain(X509Certificate[] chain)
           
 void setCurrentServerChain(X509Certificate[] chain)
           
 void setDefaultProtocol(String protocol)
           
 void setDnsOverride(Map m)
           
 void setEnabledCiphers(String[] ciphers)
           
 void setEnabledProtocols(String[] protocols)
           
 void setHostnameVerifier(HostnameVerifier verifier)
           
 void setIsSecure(boolean b)
           
 void setKeyMaterial(KeyMaterial keyMaterial)
           
 void setNeedClientAuth(boolean needClientAuth)
           
 void setSoTimeout(int soTimeout)
           
 void setSSLWrapperFactory(SSLWrapperFactory wf)
           
 void setTrustMaterial(TrustChain trustChain)
           
 void setUseClientMode(boolean useClientMode)
           
 void setWantClientAuth(boolean wantClientAuth)
           
 void useDefaultJavaCiphers()
           
 void useStrongCiphers()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KNOWN_PROTOCOLS

private static final String[] KNOWN_PROTOCOLS

SUPPORTED_CIPHERS

private static final String[] SUPPORTED_CIPHERS

KNOWN_PROTOCOLS_SET

public static final SortedSet KNOWN_PROTOCOLS_SET

SUPPORTED_CIPHERS_SET

public static final SortedSet SUPPORTED_CIPHERS_SET

SSL_RSA_WITH_RC4_128_SHA

public static final String SSL_RSA_WITH_RC4_128_SHA
See Also:
Constant Field Values

SSL_RSA_WITH_3DES_EDE_CBC_SHA

public static final String SSL_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

public static final String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

public static final String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_AES_128_CBC_SHA

public static final String TLS_RSA_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

public static final String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

public static final String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_AES_256_CBC_SHA

public static final String TLS_RSA_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

public static final String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

public static final String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

sslContext

private Object sslContext

initCount

private int initCount

socketFactory

private SSLSocketFactory socketFactory

serverSocketFactory

private SSLServerSocketFactory serverSocketFactory

hostnameVerifier

private HostnameVerifier hostnameVerifier

isSecure

private boolean isSecure

checkHostname

private boolean checkHostname

checkCRL

private boolean checkCRL

checkExpiry

private boolean checkExpiry

useClientMode

private boolean useClientMode

useClientModeDefault

private boolean useClientModeDefault

soTimeout

private int soTimeout

connectTimeout

private int connectTimeout

trustChain

private TrustChain trustChain

keyMaterial

private KeyMaterial keyMaterial

enabledCiphers

private String[] enabledCiphers

enabledProtocols

private String[] enabledProtocols

defaultProtocol

private String defaultProtocol

currentServerChain

private X509Certificate[] currentServerChain

currentClientChain

private X509Certificate[] currentClientChain

wantClientAuth

private boolean wantClientAuth

needClientAuth

private boolean needClientAuth

sslWrapperFactory

private SSLWrapperFactory sslWrapperFactory

dnsOverride

private Map dnsOverride

usingSystemProperties

protected final boolean usingSystemProperties
Constructor Detail

SSL

public SSL()
    throws GeneralSecurityException,
           IOException
Throws:
GeneralSecurityException
IOException
Method Detail

dirty

private void dirty()

dirtyAndReloadIfYoung

private void dirtyAndReloadIfYoung()
                            throws NoSuchAlgorithmException,
                                   KeyStoreException,
                                   KeyManagementException,
                                   IOException,
                                   CertificateException
Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException

dnsOverride

String dnsOverride(String host)

setDnsOverride

public void setDnsOverride(Map m)

setIsSecure

public void setIsSecure(boolean b)

isSecure

public boolean isSecure()

getSSLContext

public SSLContext getSSLContext()
                         throws GeneralSecurityException,
                                IOException
Throws:
GeneralSecurityException
IOException

getSSLContextAsObject

public Object getSSLContextAsObject()
                             throws GeneralSecurityException,
                                    IOException
Returns:
com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending on the JSSE implementation we're using.
Throws:
GeneralSecurityException - problem creating SSLContext
IOException - problem creating SSLContext

addTrustMaterial

public void addTrustMaterial(TrustChain trustChain)
                      throws NoSuchAlgorithmException,
                             KeyStoreException,
                             KeyManagementException,
                             IOException,
                             CertificateException
Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException

setTrustMaterial

public void setTrustMaterial(TrustChain trustChain)
                      throws NoSuchAlgorithmException,
                             KeyStoreException,
                             KeyManagementException,
                             IOException,
                             CertificateException
Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException

setKeyMaterial

public void setKeyMaterial(KeyMaterial keyMaterial)
                    throws NoSuchAlgorithmException,
                           KeyStoreException,
                           KeyManagementException,
                           IOException,
                           CertificateException
Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException

getAssociatedCertificateChain

public X509Certificate[] getAssociatedCertificateChain()

getEnabledCiphers

public String[] getEnabledCiphers()

useDefaultJavaCiphers

public void useDefaultJavaCiphers()

useStrongCiphers

public void useStrongCiphers()

setEnabledCiphers

public void setEnabledCiphers(String[] ciphers)

getEnabledProtocols

public String[] getEnabledProtocols()

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

getDefaultProtocol

public String getDefaultProtocol()

setDefaultProtocol

public void setDefaultProtocol(String protocol)

getCheckHostname

public boolean getCheckHostname()

setCheckHostname

public void setCheckHostname(boolean checkHostname)

setHostnameVerifier

public void setHostnameVerifier(HostnameVerifier verifier)

getHostnameVerifier

public HostnameVerifier getHostnameVerifier()

getCheckCRL

public boolean getCheckCRL()

setCheckCRL

public void setCheckCRL(boolean checkCRL)

getCheckExpiry

public boolean getCheckExpiry()

setCheckExpiry

public void setCheckExpiry(boolean checkExpiry)

setSoTimeout

public void setSoTimeout(int soTimeout)

getSoTimeout

public int getSoTimeout()

setConnectTimeout

public void setConnectTimeout(int connectTimeout)

setUseClientMode

public void setUseClientMode(boolean useClientMode)

getUseClientModeDefault

public boolean getUseClientModeDefault()

getUseClientMode

public boolean getUseClientMode()

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

getWantClientAuth

public boolean getWantClientAuth()

getNeedClientAuth

public boolean getNeedClientAuth()

getSSLWrapperFactory

public SSLWrapperFactory getSSLWrapperFactory()

setSSLWrapperFactory

public void setSSLWrapperFactory(SSLWrapperFactory wf)

initThrowRuntime

private void initThrowRuntime()

init

private void init()
           throws NoSuchAlgorithmException,
                  KeyStoreException,
                  KeyManagementException,
                  IOException,
                  CertificateException
Throws:
NoSuchAlgorithmException
KeyStoreException
KeyManagementException
IOException
CertificateException

doPreConnectSocketStuff

public void doPreConnectSocketStuff(Socket s)
                             throws IOException
Throws:
IOException

doPostConnectSocketStuff

public void doPostConnectSocketStuff(Socket s,
                                     String host)
                              throws IOException
Throws:
IOException

createSocket

public Socket createSocket()
                    throws IOException
Throws:
IOException

createSocket

public Socket createSocket(String remoteHost,
                           int remotePort,
                           InetAddress localHost,
                           int localPort,
                           int timeout)
                    throws IOException
Attempts to get a new socket connection to the given host within the given time limit.

Parameters:
remoteHost - the host name/IP
remotePort - the port on the host
localHost - the local host name/IP to bind the socket to
localPort - the port on the local machine
timeout - the connection timeout (0==infinite)
Returns:
Socket a new socket
Throws:
IOException - if an I/O error occurs while creating the socket
UnknownHostException - if the IP address of the host cannot be determined

createSocket

public Socket createSocket(Socket s,
                           String remoteHost,
                           int remotePort,
                           boolean autoClose)
                    throws IOException
Throws:
IOException

createServerSocket

public ServerSocket createServerSocket()
                                throws IOException
Throws:
IOException

createServerSocket

public ServerSocket createServerSocket(int port,
                                       int backlog,
                                       InetAddress localHost)
                                throws IOException
Attempts to create a new server socket bound to the given local host and port, with the given accept backlog.

Parameters:
localHost - the local host name/IP to bind against (null == ANY)
port - the port to listen on
backlog - number of connections allowed to queue up for accept().
Returns:
SSLServerSocket a new server socket
Throws:
IOException - if an I/O error occurs while creating the socket

doPreConnectServerSocketStuff

public void doPreConnectServerSocketStuff(SSLServerSocket s)
                                   throws IOException
Throws:
IOException

getSSLSocketFactory

public SSLSocketFactory getSSLSocketFactory()

getSSLServerSocketFactory

public SSLServerSocketFactory getSSLServerSocketFactory()

getConnectTimeout

public int getConnectTimeout()

getDefaultCipherSuites

public String[] getDefaultCipherSuites()

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

getTrustChain

public TrustChain getTrustChain()

setCurrentServerChain

public void setCurrentServerChain(X509Certificate[] chain)

setCurrentClientChain

public void setCurrentClientChain(X509Certificate[] chain)

getCurrentServerChain

public X509Certificate[] getCurrentServerChain()

getCurrentClientChain

public X509Certificate[] getCurrentClientChain()

main

public static void main(String[] args)

addCipher

private static void addCipher(List l,
                              String c,
                              boolean printOnStandardOut)