public final class TlsConfiguration extends Object implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore
TlsIndirectTrustStore, TlsDirectTrustStore, TlsDirectKeyStore and TlsIndirectKeyStore
should provide guidance to individual properties. In addition you should check the
documentation for the specific protocol / connector used, and may also need to read the
discussion on direct and indirect socket and store creation below (or, more simply, just
use whichever key store interface your connector implements).

TlsIndirectTrustStore, TlsDirectTrustStore, TlsDirectKeyStore and TlsIndirectKeyStore, and
then forward calls to those interfaces to an instance of this class).

For setting System properties (and reading them) use TlsPropertiesMapper. This can take a
"namespace" which can then be used by TlsPropertiesSocketFactory to construct an appropriate
socket factory. This approach (storing to properties and then retrieving that information
later in a socket factory) lets us pass TLS/SSL configuration into libraries that are
configured only by specifying a socket factory class.

TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore and TlsIndirectTrustStore (a
superclass of TlsDirectTrustStore) and relied on TlsIndirectKeyStore from the SSL
configuration. For continuity these interfaces continue to be used, even though the
configurations are now typically (see individual connector/protocol documentation) specific
to a protocol or connector. Note - these interfaces are new, but the original code had those
methods, used as described. The new interfaces only make things explicit.

Note for programmers: one way to understand the above is to see that many protocols are
handled by libraries that are configured by providing either properties or a socket factory.
In both cases (the latter via TlsPropertiesSocketFactory) we continue to use properties and
the "indirect" interface. Note also that the mapping in TlsPropertiesMapper correctly handles
the asymmetry: an initial call to TlsConfiguration uses the key store defined via
TlsDirectKeyStore, but when a TlsConfiguration is retrieved from System properties using
TlsPropertiesMapper.readFromProperties(TlsConfiguration, java.util.Properties) the "indirect"
properties are supplied as "direct" values, so the key manager factory behind the "indirect"
socket factory can be retrieved from getKeyManagerFactory(). It just works.
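The direct-then-indirect flow described above, as an added example that is not part of the Mule code base or of this page: it builds a TlsConfiguration, lets initialise(false, JSSE_NAMESPACE) publish it to System properties, and then reads it back the way TlsPropertiesSocketFactory would. The store file names, passwords and alias are placeholders assumed to exist on the file system or classpath; that initialise with a non-null namespace writes the properties, and the TlsPropertiesMapper(String namespace) constructor, are taken from the Mule 3 sources rather than from this page and should be treated as assumptions.

```java
import java.util.Properties;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLSocketFactory;

import org.mule.api.security.tls.TlsConfiguration;
import org.mule.api.security.tls.TlsPropertiesMapper;

/*
 * Added example, not Mule's own code. Store paths, passwords and the alias are
 * placeholders assumed to exist; a real deployment reads the passwords from a
 * secret store rather than hard-coding them.
 */
public class TlsConfigurationRoundTrip {

    // Direct side: what a connector that creates its own sockets configures.
    public static TlsConfiguration buildConfiguration() throws Exception {
        TlsConfiguration config = new TlsConfiguration("server-identity.jks");
        config.setKeyStorePassword("changeit");
        config.setKeyPassword("changeit");
        config.setKeyAlias("server");            // name the entry; do not rely on "first key found"

        // Indirect side: the identity published through System properties for
        // libraries that can only be configured by naming a socket factory class.
        config.setClientKeyStore("client-identity.jks");
        config.setClientKeyStorePassword("changeit");

        config.setTrustStore("trusted-peers.jks");
        config.setTrustStorePassword("changeit");
        // Never let the key store's own certificates stand in as trust anchors
        // when no trust store is defined (see isExplicitTrustStoreOnly()).
        config.setExplicitTrustStoreOnly(true);

        // anon=false because we hold keys. Assumption from the Mule 3 sources: a
        // non-null namespace makes initialise() write the configuration to System
        // properties via TlsPropertiesMapper under that namespace.
        config.initialise(false, TlsConfiguration.JSSE_NAMESPACE);
        return config;
    }

    // What TlsPropertiesSocketFactory does later, reproduced by hand: read the
    // properties into a fresh configuration and initialise it with a null
    // namespace so that nothing is written back to System properties.
    public static TlsConfiguration readBack(Properties properties) throws Exception {
        TlsConfiguration copy = new TlsConfiguration(TlsConfiguration.DEFAULT_KEYSTORE);
        new TlsPropertiesMapper(TlsConfiguration.JSSE_NAMESPACE).readFromProperties(copy, properties);
        copy.initialise(false, null);
        return copy;
    }

    public static void main(String[] args) throws Exception {
        TlsConfiguration original = buildConfiguration();
        TlsConfiguration fromProperties = readBack(System.getProperties());

        // The asymmetry the class description talks about: the "indirect" client
        // key store went into the properties and comes back as the copy's "direct"
        // key store, so the copy's key manager factory is the one the indirect
        // socket factory will use.
        System.out.println("direct key store on original   : " + original.getKeyStore());
        System.out.println("client key store on original   : " + original.getClientKeyStore());
        System.out.println("direct key store after readBack: " + fromProperties.getKeyStore());

        KeyManagerFactory kmf = fromProperties.getKeyManagerFactory();
        SSLSocketFactory socketFactory = fromProperties.getSocketFactory();
        System.out.println("key managers: " + kmf.getKeyManagers().length
                + ", default cipher suites: " + socketFactory.getDefaultCipherSuites().length);
    }
}
```

Two things to keep in mind when using the namespace route: the properties are JVM-global, so every library in the process that reads the JSSE defaults will present the client identity published here, and the passwords land in System properties as plain strings where anything that can read them (a debug endpoint, a heap dump) can recover them.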
Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_KEYMANAGER_ALGORITHM |
static String | DEFAULT_KEYSTORE |
static String | DEFAULT_KEYSTORE_TYPE |
static String | DEFAULT_SECURITY_MODEL |
static String | DEFAULT_SSL_TYPE |
static String | FIPS_SECURITY_MODEL |
static String | JSSE_NAMESPACE |
static String | PROPERTIES_FILE_PATTERN |
Constructor and Description |
---|
TlsConfiguration(String keyStore) Support for TLS connections with a given initial value for the key store |
Modifier and Type | Method and Description |
---|---|
protected void | checkKeyStoreContainsAlias(KeyStore keyStore) |
boolean | equals(Object o) |
String | getClientKeyStore() |
String | getClientKeyStorePassword() |
String | getClientKeyStoreType() |
String[] | getEnabledCipherSuites() |
String[] | getEnabledProtocols() |
String | getKeyAlias() |
String | getKeyManagerAlgorithm() |
KeyManagerFactory | getKeyManagerFactory() |
String | getKeyPassword() |
String | getKeyStore() |
String | getKeyStorePassword() |
String | getKeyStoreType() |
SSLServerSocketFactory | getServerSocketFactory() |
SSLSocketFactory | getSocketFactory() |
SSLContext | getSslContext() |
String | getSslType() |
String | getTrustManagerAlgorithm() |
TrustManagerFactory | getTrustManagerFactory() |
String | getTrustStore() |
String | getTrustStorePassword() |
String | getTrustStoreType() |
int | hashCode() |
void | initialise(boolean anon, String namespace) |
boolean | isExplicitTrustStoreOnly() If the trust store is undefined and the trust store is generated via System properties, then the key store certificates defined via TODO can be used as a source of trust information. |
boolean | isRequireClientAuthentication() If a server socket is constructed directly (see TlsConfiguration) then this flag will control whether client authentication is required. |
protected KeyStore | loadKeyStore() |
void | setClientKeyStore(String name) |
void | setClientKeyStorePassword(String clientKeyStorePassword) |
void | setClientKeyStoreType(String clientKeyStoreType) |
void | setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly) If the trust store is undefined and the trust store is generated via System properties, then the key store certificates defined via TODO can be used as a source of trust information. |
void | setKeyAlias(String keyAlias) |
void | setKeyManagerAlgorithm(String keyManagerAlgorithm) |
void | setKeyPassword(String keyPassword) |
void | setKeyStore(String name) |
void | setKeyStorePassword(String storePassword) |
void | setKeyStoreType(String keystoreType) |
void | setRequireClientAuthentication(boolean requireClientAuthentication) If a server socket is constructed directly (see TlsConfiguration) then this flag will control whether client authentication is required. |
void | setSslType(String sslType) |
void | setTrustManagerAlgorithm(String trustManagerAlgorithm) |
void | setTrustManagerFactory(TrustManagerFactory trustManagerFactory) |
void | setTrustStore(String name) |
void | setTrustStorePassword(String trustStorePassword) |
void | setTrustStoreType(String trustStoreType) |
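Constructing a server socket directly with client authentication required, as an added example (not Mule's or this page's code) for the getServerSocketFactory(), setRequireClientAuthentication(boolean), getEnabledProtocols() and getEnabledCipherSuites() methods in the table above. Store names, passwords, alias and port are placeholders assumed to exist; the legacy-protocol deny-list is the example's own policy, not something TlsConfiguration enforces.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

import org.mule.api.security.tls.TlsConfiguration;

/*
 * Added example, not Mule's own code. Store paths, passwords, alias and port are
 * placeholders; the key store and trust store are assumed to exist and load.
 */
public class MutualTlsListener {

    // Protocol versions this example refuses to serve: a policy of the example,
    // applied on top of whatever the configuration or the JSSE defaults enable.
    private static final List<String> LEGACY_PROTOCOLS =
            Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    public static TlsConfiguration serverConfiguration() throws Exception {
        TlsConfiguration config = new TlsConfiguration("server-identity.jks");
        config.setKeyStorePassword("changeit");
        config.setKeyPassword("changeit");
        config.setKeyAlias("server");
        config.setTrustStore("trusted-clients.jks");   // only the client CAs we accept
        config.setTrustStorePassword("changeit");
        config.setExplicitTrustStoreOnly(true);        // no silent fallback to the key store
        config.setRequireClientAuthentication(true);   // mutual TLS
        config.initialise(false, null);                // null namespace: no System properties touched
        return config;
    }

    // Drop legacy versions; fail loudly rather than serve nothing.
    public static String[] withoutLegacyProtocols(String[] candidates) {
        List<String> kept = new ArrayList<String>();
        for (String protocol : candidates) {
            if (!LEGACY_PROTOCOLS.contains(protocol)) {
                kept.add(protocol);
            }
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no acceptable protocol version in " + Arrays.toString(candidates));
        }
        return kept.toArray(new String[0]);
    }

    public static SSLServerSocket open(TlsConfiguration config, int port) throws Exception {
        SSLServerSocketFactory factory = config.getServerSocketFactory();
        SSLServerSocket server = (SSLServerSocket) factory.createServerSocket(port);
        try {
            // The flag on the configuration only records intent; when the server
            // socket is created here, it must be applied to the JSSE socket.
            server.setNeedClientAuth(config.isRequireClientAuthentication());

            String[] protocols = config.getEnabledProtocols();
            if (protocols == null) {
                protocols = server.getEnabledProtocols();   // nothing configured: start from JSSE defaults
            }
            server.setEnabledProtocols(withoutLegacyProtocols(protocols));

            String[] ciphers = config.getEnabledCipherSuites();
            if (ciphers != null) {
                server.setEnabledCipherSuites(ciphers);
            }
            return server;
        } catch (RuntimeException e) {
            server.close();
            throw e;
        }
    }

    // Accept one connection and return the authenticated client's subject.
    public static String acceptOne(SSLServerSocket server) throws IOException {
        try (SSLSocket client = (SSLSocket) server.accept()) {
            client.startHandshake();   // fails here if the peer presents no acceptable certificate
            X509Certificate leaf = (X509Certificate) client.getSession().getPeerCertificates()[0];
            return leaf.getSubjectX500Principal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocket server = open(serverConfiguration(), 8443);
        System.out.println("authenticated client: " + acceptOne(server));
        server.close();
    }
}
```

The check worth keeping from this example is the explicit setNeedClientAuth call: the page says the flag controls client authentication only when the server socket is constructed directly, so code that builds its own socket from getServerSocketFactory() has to carry the flag across itself, and a listener that forgets to does not fail, it just stops authenticating clients.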
public static final String DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE_TYPE

public static final String DEFAULT_KEYMANAGER_ALGORITHM

public static final String DEFAULT_SSL_TYPE

public static final String JSSE_NAMESPACE

public static final String PROPERTIES_FILE_PATTERN

public static final String DEFAULT_SECURITY_MODEL

public static final String FIPS_SECURITY_MODEL

public TlsConfiguration(String keyStore)
Parameters:
keyStore - initial value for the key store

public void initialise(boolean anon, String namespace) throws CreateException
Parameters:
anon - If the connection is anonymous then we don't care about client keys
namespace - Namespace to use for global properties (for JSSE use JSSE_NAMESPACE)
Throws:
CreateException - On initialisation problems

protected KeyStore loadKeyStore() throws GeneralSecurityException, IOException
Throws:
GeneralSecurityException
IOException

protected void checkKeyStoreContainsAlias(KeyStore keyStore) throws KeyStoreException
Throws:
KeyStoreException

public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException

public SSLServerSocketFactory getServerSocketFactory() throws NoSuchAlgorithmException, KeyManagementException

public String[] getEnabledCipherSuites()

public String[] getEnabledProtocols()

public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException

public String getSslType()

public void setSslType(String sslType)

public String getKeyStore()
Specified by:
getKeyStore in interface TlsDirectKeyStore

public void setKeyStore(String name) throws IOException
Specified by:
setKeyStore in interface TlsDirectKeyStore
Parameters:
name - The location of the keystore that contains public certificates and private keys for identification.
Throws:
IOException - If the location cannot be resolved via the file system or classpath

public String getKeyPassword()
Specified by:
getKeyPassword in interface TlsDirectKeyStore

public void setKeyPassword(String keyPassword)
Specified by:
setKeyPassword in interface TlsDirectKeyStore
Parameters:
keyPassword - The password used to protect the private key(s)

public String getKeyStorePassword()
Specified by:
getKeyStorePassword in interface TlsDirectKeyStore

public void setKeyStorePassword(String storePassword)
Specified by:
setKeyStorePassword in interface TlsDirectKeyStore
Parameters:
storePassword - The password used to protect the keystore itself

public String getKeyStoreType()
Specified by:
getKeyStoreType in interface TlsDirectKeyStore
See Also:
TlsDirectKeyStore.getKeyStore()

public void setKeyStoreType(String keystoreType)
Specified by:
setKeyStoreType in interface TlsDirectKeyStore
Parameters:
keystoreType - The type of keystore used in TlsDirectKeyStore.setKeyStore(String)

public String getKeyManagerAlgorithm()
Specified by:
getKeyManagerAlgorithm in interface TlsDirectKeyStore

public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
Specified by:
setKeyManagerAlgorithm in interface TlsDirectKeyStore
Parameters:
keyManagerAlgorithm - The algorithm used by the key store. The default comes from DEFAULT_KEYMANAGER_ALGORITHM.

public KeyManagerFactory getKeyManagerFactory()
Specified by:
getKeyManagerFactory in interface TlsDirectKeyStore

public String getClientKeyStore()
Specified by:
getClientKeyStore in interface TlsIndirectKeyStore

public void setClientKeyStore(String name) throws IOException
Specified by:
setClientKeyStore in interface TlsIndirectKeyStore
Parameters:
name - The location of the keystore that contains public certificates and private keys for identification.
Throws:
IOException - If the location cannot be resolved via the file system or classpath

public String getClientKeyStorePassword()
Specified by:
getClientKeyStorePassword in interface TlsIndirectKeyStore

public void setClientKeyStorePassword(String clientKeyStorePassword)
Specified by:
setClientKeyStorePassword in interface TlsIndirectKeyStore
Parameters:
clientKeyStorePassword - The password used to protect the keystore itself

public void setClientKeyStoreType(String clientKeyStoreType)
Specified by:
setClientKeyStoreType in interface TlsIndirectKeyStore

public String getClientKeyStoreType()
Specified by:
getClientKeyStoreType in interface TlsIndirectKeyStore
See Also:
TlsIndirectKeyStore.setClientKeyStore(String)

public String getTrustStore()
Specified by:
getTrustStore in interface TlsIndirectTrustStore

public void setTrustStore(String name) throws IOException
Specified by:
setTrustStore in interface TlsIndirectTrustStore
Parameters:
name - The location of the keystore that contains public certificates of trusted servers.
Throws:
IOException - If the location cannot be resolved via the file system or classpath

public String getTrustStorePassword()
Specified by:
getTrustStorePassword in interface TlsIndirectTrustStore
See Also:
TlsIndirectTrustStore.getTrustStore()

public void setTrustStorePassword(String trustStorePassword)
Specified by:
setTrustStorePassword in interface TlsIndirectTrustStore
Parameters:
trustStorePassword - The password used to protect the trust store defined in TlsIndirectTrustStore.setTrustStore(String)

public String getTrustStoreType()
Specified by:
getTrustStoreType in interface TlsDirectTrustStore
See Also:
TlsIndirectTrustStore.getTrustStore()

public void setTrustStoreType(String trustStoreType)
Specified by:
setTrustStoreType in interface TlsDirectTrustStore
Parameters:
trustStoreType - The type of keystore used to implement the trust store defined in TlsIndirectTrustStore.setTrustStore(String)

public String getTrustManagerAlgorithm()
Specified by:
getTrustManagerAlgorithm in interface TlsDirectTrustStore

public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
Specified by:
setTrustManagerAlgorithm in interface TlsDirectTrustStore
Parameters:
trustManagerAlgorithm - The algorithm used by the trust store.

public TrustManagerFactory getTrustManagerFactory()
Specified by:
getTrustManagerFactory in interface TlsDirectTrustStore
Returns:
Either the factory defined via TlsDirectTrustStore.setTrustManagerFactory(TrustManagerFactory) or one constructed from the parameters in this interface (TlsDirectTrustStore.setTrustStoreType(String) etc).

public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
Specified by:
setTrustManagerFactory in interface TlsDirectTrustStore
Parameters:
trustManagerFactory - The source of trust information if the store is accessed directly (some connectors generate trust stores indirectly through System properties, in which case this value will be ignored - see TlsConfiguration).

public boolean isExplicitTrustStoreOnly()
Description copied from interface: TlsDirectTrustStore
If the trust store is undefined and the trust store is generated via System properties, then the key store certificates defined via TODO can be used as a source of trust information.
Specified by:
isExplicitTrustStoreOnly in interface TlsDirectTrustStore

public void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly)
Description copied from interface: TlsDirectTrustStore
If the trust store is undefined and the trust store is generated via System properties, then the key store certificates defined via TODO can be used as a source of trust information.
Specified by:
setExplicitTrustStoreOnly in interface TlsDirectTrustStore
Parameters:
explicitTrustStoreOnly - true if the key store data should not be used when a trust store is otherwise undefined

public boolean isRequireClientAuthentication()
Description copied from interface: TlsDirectTrustStore
If a server socket is constructed directly (see TlsConfiguration) then this flag will control whether client authentication is required. This does not apply to client connections.
Specified by:
isRequireClientAuthentication in interface TlsDirectTrustStore

public void setRequireClientAuthentication(boolean requireClientAuthentication)
Description copied from interface: TlsDirectTrustStore
If a server socket is constructed directly (see TlsConfiguration) then this flag will control whether client authentication is required. This does not apply to client connections.
Specified by:
setRequireClientAuthentication in interface TlsDirectTrustStore
Parameters:
requireClientAuthentication - true if clients must be authenticated

public String getKeyAlias()
Specified by:
getKeyAlias in interface TlsDirectKeyStore

public void setKeyAlias(String keyAlias)
Specified by:
setKeyAlias in interface TlsDirectKeyStore
Parameters:
keyAlias - of the key from the key store.

Copyright © 2003–2015 MuleSoft, Inc. All rights reserved.