org.apache.commons.ssl
Class SSL
java.lang.Object
org.apache.commons.ssl.SSL
public class SSL
- extends java.lang.Object
Not thread-safe. (But who would ever share this thing across multiple
threads???)
- Since:
- May 1, 2006
- Author:
- Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com
Constructor Summary |
SSL()
|
Method Summary |
private static void |
addCipher(java.util.List l,
java.lang.String c,
boolean printOnStandardOut)
|
void |
addTrustMaterial(TrustChain trustChain)
|
java.net.ServerSocket |
createServerSocket()
|
java.net.ServerSocket |
createServerSocket(int port,
int backlog,
java.net.InetAddress localHost)
Creates a new SSL server socket listening on the given port, bound to the
given local address, with the given accept() backlog. |
java.net.Socket |
createSocket()
|
java.net.Socket |
createSocket(java.net.Socket s,
java.lang.String remoteHost,
int remotePort,
boolean autoClose)
|
java.net.Socket |
createSocket(java.lang.String remoteHost,
int remotePort,
java.net.InetAddress localHost,
int localPort,
int timeout)
Attempts to get a new socket connection to the given host within the
given time limit. |
private void |
dirty()
|
private void |
dirtyAndReloadIfYoung()
|
(package private) java.lang.String |
dnsOverride(java.lang.String host)
|
void |
doPostConnectSocketStuff(java.net.Socket s,
java.lang.String host)
|
void |
doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
|
void |
doPreConnectSocketStuff(java.net.Socket s)
|
java.security.cert.X509Certificate[] |
getAssociatedCertificateChain()
|
boolean |
getCheckCRL()
|
boolean |
getCheckExpiry()
|
boolean |
getCheckHostname()
|
int |
getConnectTimeout()
|
java.security.cert.X509Certificate[] |
getCurrentClientChain()
|
java.security.cert.X509Certificate[] |
getCurrentServerChain()
|
java.lang.String[] |
getDefaultCipherSuites()
|
java.lang.String |
getDefaultProtocol()
|
java.lang.String[] |
getEnabledCiphers()
|
java.lang.String[] |
getEnabledProtocols()
|
HostnameVerifier |
getHostnameVerifier()
|
boolean |
getNeedClientAuth()
|
int |
getSoTimeout()
|
javax.net.ssl.SSLContext |
getSSLContext()
|
java.lang.Object |
getSSLContextAsObject()
|
javax.net.ssl.SSLServerSocketFactory |
getSSLServerSocketFactory()
|
javax.net.ssl.SSLSocketFactory |
getSSLSocketFactory()
|
SSLWrapperFactory |
getSSLWrapperFactory()
|
java.lang.String[] |
getSupportedCipherSuites()
|
TrustChain |
getTrustChain()
|
boolean |
getUseClientMode()
|
boolean |
getUseClientModeDefault()
|
boolean |
getWantClientAuth()
|
private void |
init()
|
private void |
initThrowRuntime()
|
boolean |
isSecure()
|
static void |
main(java.lang.String[] args)
|
void |
setCheckCRL(boolean checkCRL)
|
void |
setCheckExpiry(boolean checkExpiry)
|
void |
setCheckHostname(boolean checkHostname)
|
void |
setConnectTimeout(int connectTimeout)
|
void |
setCurrentClientChain(java.security.cert.X509Certificate[] chain)
|
void |
setCurrentServerChain(java.security.cert.X509Certificate[] chain)
|
void |
setDefaultProtocol(java.lang.String protocol)
|
void |
setDnsOverride(java.util.Map m)
|
void |
setEnabledCiphers(java.lang.String[] ciphers)
|
void |
setEnabledProtocols(java.lang.String[] protocols)
|
void |
setHostnameVerifier(HostnameVerifier verifier)
|
void |
setIsSecure(boolean b)
|
void |
setKeyMaterial(KeyMaterial keyMaterial)
|
void |
setNeedClientAuth(boolean needClientAuth)
|
void |
setSoTimeout(int soTimeout)
|
void |
setSSLWrapperFactory(SSLWrapperFactory wf)
|
void |
setTrustMaterial(TrustChain trustChain)
|
void |
setUseClientMode(boolean useClientMode)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
void |
useDefaultJavaCiphers()
|
void |
useStrongCiphers()
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
KNOWN_PROTOCOLS
private static final java.lang.String[] KNOWN_PROTOCOLS
SUPPORTED_CIPHERS
private static final java.lang.String[] SUPPORTED_CIPHERS
KNOWN_PROTOCOLS_SET
public static final java.util.SortedSet KNOWN_PROTOCOLS_SET
SUPPORTED_CIPHERS_SET
public static final java.util.SortedSet SUPPORTED_CIPHERS_SET
SSL_RSA_WITH_RC4_128_SHA
public static final java.lang.String SSL_RSA_WITH_RC4_128_SHA
- See Also:
- Constant Field Values
SSL_RSA_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_RSA_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
public static final java.lang.String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
public static final java.lang.String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- See Also:
- Constant Field Values
TLS_RSA_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
public static final java.lang.String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- See Also:
- Constant Field Values
sslContext
private java.lang.Object sslContext
initCount
private int initCount
socketFactory
private javax.net.ssl.SSLSocketFactory socketFactory
serverSocketFactory
private javax.net.ssl.SSLServerSocketFactory serverSocketFactory
hostnameVerifier
private HostnameVerifier hostnameVerifier
isSecure
private boolean isSecure
checkHostname
private boolean checkHostname
checkCRL
private boolean checkCRL
checkExpiry
private boolean checkExpiry
useClientMode
private boolean useClientMode
useClientModeDefault
private boolean useClientModeDefault
soTimeout
private int soTimeout
connectTimeout
private int connectTimeout
trustChain
private TrustChain trustChain
keyMaterial
private KeyMaterial keyMaterial
enabledCiphers
private java.lang.String[] enabledCiphers
enabledProtocols
private java.lang.String[] enabledProtocols
defaultProtocol
private java.lang.String defaultProtocol
currentServerChain
private java.security.cert.X509Certificate[] currentServerChain
currentClientChain
private java.security.cert.X509Certificate[] currentClientChain
wantClientAuth
private boolean wantClientAuth
needClientAuth
private boolean needClientAuth
sslWrapperFactory
private SSLWrapperFactory sslWrapperFactory
dnsOverride
private java.util.Map dnsOverride
usingSystemProperties
protected final boolean usingSystemProperties
SSL
public SSL()
throws java.security.GeneralSecurityException,
java.io.IOException
- Throws:
java.security.GeneralSecurityException
java.io.IOException
dirty
private void dirty()
dirtyAndReloadIfYoung
private void dirtyAndReloadIfYoung()
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
dnsOverride
java.lang.String dnsOverride(java.lang.String host)
setDnsOverride
public void setDnsOverride(java.util.Map m)
setIsSecure
public void setIsSecure(boolean b)
isSecure
public boolean isSecure()
getSSLContext
public javax.net.ssl.SSLContext getSSLContext()
throws java.security.GeneralSecurityException,
java.io.IOException
- Throws:
java.security.GeneralSecurityException
java.io.IOException
getSSLContextAsObject
public java.lang.Object getSSLContextAsObject()
throws java.security.GeneralSecurityException,
java.io.IOException
- Returns:
- com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending
on the JSSE implementation we're using.
- Throws:
java.security.GeneralSecurityException
- problem creating SSLContext
java.io.IOException
- problem creating SSLContext
addTrustMaterial
public void addTrustMaterial(TrustChain trustChain)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
setTrustMaterial
public void setTrustMaterial(TrustChain trustChain)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
setKeyMaterial
public void setKeyMaterial(KeyMaterial keyMaterial)
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
getAssociatedCertificateChain
public java.security.cert.X509Certificate[] getAssociatedCertificateChain()
getEnabledCiphers
public java.lang.String[] getEnabledCiphers()
useDefaultJavaCiphers
public void useDefaultJavaCiphers()
useStrongCiphers
public void useStrongCiphers()
setEnabledCiphers
public void setEnabledCiphers(java.lang.String[] ciphers)
getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
setEnabledProtocols
public void setEnabledProtocols(java.lang.String[] protocols)
getDefaultProtocol
public java.lang.String getDefaultProtocol()
setDefaultProtocol
public void setDefaultProtocol(java.lang.String protocol)
getCheckHostname
public boolean getCheckHostname()
setCheckHostname
public void setCheckHostname(boolean checkHostname)
setHostnameVerifier
public void setHostnameVerifier(HostnameVerifier verifier)
getHostnameVerifier
public HostnameVerifier getHostnameVerifier()
getCheckCRL
public boolean getCheckCRL()
setCheckCRL
public void setCheckCRL(boolean checkCRL)
getCheckExpiry
public boolean getCheckExpiry()
setCheckExpiry
public void setCheckExpiry(boolean checkExpiry)
setSoTimeout
public void setSoTimeout(int soTimeout)
getSoTimeout
public int getSoTimeout()
setConnectTimeout
public void setConnectTimeout(int connectTimeout)
setUseClientMode
public void setUseClientMode(boolean useClientMode)
getUseClientModeDefault
public boolean getUseClientModeDefault()
getUseClientMode
public boolean getUseClientMode()
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
getWantClientAuth
public boolean getWantClientAuth()
getNeedClientAuth
public boolean getNeedClientAuth()
getSSLWrapperFactory
public SSLWrapperFactory getSSLWrapperFactory()
setSSLWrapperFactory
public void setSSLWrapperFactory(SSLWrapperFactory wf)
initThrowRuntime
private void initThrowRuntime()
init
private void init()
throws java.security.NoSuchAlgorithmException,
java.security.KeyStoreException,
java.security.KeyManagementException,
java.io.IOException,
java.security.cert.CertificateException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException
doPreConnectSocketStuff
public void doPreConnectSocketStuff(java.net.Socket s)
throws java.io.IOException
- Throws:
java.io.IOException
doPostConnectSocketStuff
public void doPostConnectSocketStuff(java.net.Socket s,
java.lang.String host)
throws java.io.IOException
- Throws:
java.io.IOException
createSocket
public java.net.Socket createSocket()
throws java.io.IOException
- Throws:
java.io.IOException
createSocket
public java.net.Socket createSocket(java.lang.String remoteHost,
int remotePort,
java.net.InetAddress localHost,
int localPort,
int timeout)
throws java.io.IOException
- Attempts to get a new socket connection to the given host within the
given time limit.
- Parameters:
remoteHost
- the host name/IP
remotePort
- the port on the host
localHost
- the local host name/IP to bind the socket to
localPort
- the port on the local machine
timeout
- the connection timeout (0==infinite)
- Returns:
- Socket a new socket
- Throws:
java.io.IOException
- if an I/O error occurs while creating the socket
java.net.UnknownHostException
- if the IP address of the host cannot be
determined
createSocket
public java.net.Socket createSocket(java.net.Socket s,
java.lang.String remoteHost,
int remotePort,
boolean autoClose)
throws java.io.IOException
- Throws:
java.io.IOException
createServerSocket
public java.net.ServerSocket createServerSocket()
throws java.io.IOException
- Throws:
java.io.IOException
createServerSocket
public java.net.ServerSocket createServerSocket(int port,
int backlog,
java.net.InetAddress localHost)
throws java.io.IOException
- Creates a new SSL server socket listening on the given port, bound to the
given local address, with the given accept() backlog.
- Parameters:
localHost
- the local host name/IP to bind against (null == ANY)
port
- the port to listen on
backlog
- number of connections allowed to queue up for accept().
- Returns:
- SSLServerSocket a new server socket
- Throws:
java.io.IOException
- if an I/O error occurs while creating the socket
doPreConnectServerSocketStuff
public void doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
throws java.io.IOException
- Throws:
java.io.IOException
getSSLSocketFactory
public javax.net.ssl.SSLSocketFactory getSSLSocketFactory()
getSSLServerSocketFactory
public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory()
getConnectTimeout
public int getConnectTimeout()
getDefaultCipherSuites
public java.lang.String[] getDefaultCipherSuites()
getSupportedCipherSuites
public java.lang.String[] getSupportedCipherSuites()
getTrustChain
public TrustChain getTrustChain()
setCurrentServerChain
public void setCurrentServerChain(java.security.cert.X509Certificate[] chain)
setCurrentClientChain
public void setCurrentClientChain(java.security.cert.X509Certificate[] chain)
getCurrentServerChain
public java.security.cert.X509Certificate[] getCurrentServerChain()
getCurrentClientChain
public java.security.cert.X509Certificate[] getCurrentClientChain()
main
public static void main(java.lang.String[] args)
addCipher
private static void addCipher(java.util.List l,
java.lang.String c,
boolean printOnStandardOut)