org.apache.commons.ssl
Class SSL

java.lang.Object
  extended by org.apache.commons.ssl.SSL

public class SSL
extends java.lang.Object

Not thread-safe: the configuration fields (trust material, key material, enabled ciphers/protocols, the check* flags, the cached socket factories) are plain mutable fields with no synchronization, so reconfiguring an instance while another thread is creating sockets from it can yield sockets built from a mixed or stale configuration. Configure an instance fully before sharing it, or give each thread its own instance.

Since:
May 1, 2006
Author:
Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Field Summary
private  boolean checkCRL
           
private  boolean checkExpiry
           
private  boolean checkHostname
           
private  int connectTimeout
           
private  java.security.cert.X509Certificate[] currentClientChain
           
private  java.security.cert.X509Certificate[] currentServerChain
           
private  java.lang.String defaultProtocol
           
private  java.util.Map dnsOverride
           
private  java.lang.String[] enabledCiphers
           
private  java.lang.String[] enabledProtocols
           
private  HostnameVerifier hostnameVerifier
           
private  int initCount
           
private  boolean isSecure
           
private  KeyMaterial keyMaterial
           
private static java.lang.String[] KNOWN_PROTOCOLS
           
static java.util.SortedSet KNOWN_PROTOCOLS_SET
           
private  boolean needClientAuth
           
private  javax.net.ssl.SSLServerSocketFactory serverSocketFactory
           
private  javax.net.ssl.SSLSocketFactory socketFactory
           
private  int soTimeout
           
static java.lang.String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
           
static java.lang.String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
           
static java.lang.String SSL_RSA_WITH_3DES_EDE_CBC_SHA
           
static java.lang.String SSL_RSA_WITH_RC4_128_SHA
           
private  java.lang.Object sslContext
           
private  SSLWrapperFactory sslWrapperFactory
           
private static java.lang.String[] SUPPORTED_CIPHERS
           
static java.util.SortedSet SUPPORTED_CIPHERS_SET
           
static java.lang.String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
           
static java.lang.String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
           
static java.lang.String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
           
static java.lang.String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
           
static java.lang.String TLS_RSA_WITH_AES_128_CBC_SHA
           
static java.lang.String TLS_RSA_WITH_AES_256_CBC_SHA
           
private  TrustChain trustChain
           
private  boolean useClientMode
           
private  boolean useClientModeDefault
           
protected  boolean usingSystemProperties
           
private  boolean wantClientAuth
           
 
Constructor Summary
SSL()
           
 
Method Summary
private static void addCipher(java.util.List l, java.lang.String c, boolean printOnStandardOut)
           
 void addTrustMaterial(TrustChain trustChain)
           
 java.net.ServerSocket createServerSocket()
           
 java.net.ServerSocket createServerSocket(int port, int backlog, java.net.InetAddress localHost)
          Creates a new SSL server socket bound to the given local address and port with the given accept() backlog.
 java.net.Socket createSocket()
           
 java.net.Socket createSocket(java.net.Socket s, java.lang.String remoteHost, int remotePort, boolean autoClose)
           
 java.net.Socket createSocket(java.lang.String remoteHost, int remotePort, java.net.InetAddress localHost, int localPort, int timeout)
          Attempts to get a new socket connection to the given host within the given time limit.
private  void dirty()
           
private  void dirtyAndReloadIfYoung()
           
(package private)  java.lang.String dnsOverride(java.lang.String host)
           
 void doPostConnectSocketStuff(java.net.Socket s, java.lang.String host)
           
 void doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
           
 void doPreConnectSocketStuff(java.net.Socket s)
           
 java.security.cert.X509Certificate[] getAssociatedCertificateChain()
           
 boolean getCheckCRL()
           
 boolean getCheckExpiry()
           
 boolean getCheckHostname()
           
 int getConnectTimeout()
           
 java.security.cert.X509Certificate[] getCurrentClientChain()
           
 java.security.cert.X509Certificate[] getCurrentServerChain()
           
 java.lang.String[] getDefaultCipherSuites()
           
 java.lang.String getDefaultProtocol()
           
 java.lang.String[] getEnabledCiphers()
           
 java.lang.String[] getEnabledProtocols()
           
 HostnameVerifier getHostnameVerifier()
           
 boolean getNeedClientAuth()
           
 int getSoTimeout()
           
 javax.net.ssl.SSLContext getSSLContext()
           
 java.lang.Object getSSLContextAsObject()
           
 javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory()
           
 javax.net.ssl.SSLSocketFactory getSSLSocketFactory()
           
 SSLWrapperFactory getSSLWrapperFactory()
           
 java.lang.String[] getSupportedCipherSuites()
           
 TrustChain getTrustChain()
           
 boolean getUseClientMode()
           
 boolean getUseClientModeDefault()
           
 boolean getWantClientAuth()
           
private  void init()
           
private  void initThrowRuntime()
           
 boolean isSecure()
           
static void main(java.lang.String[] args)
           
 void setCheckCRL(boolean checkCRL)
           
 void setCheckExpiry(boolean checkExpiry)
           
 void setCheckHostname(boolean checkHostname)
           
 void setConnectTimeout(int connectTimeout)
           
 void setCurrentClientChain(java.security.cert.X509Certificate[] chain)
           
 void setCurrentServerChain(java.security.cert.X509Certificate[] chain)
           
 void setDefaultProtocol(java.lang.String protocol)
           
 void setDnsOverride(java.util.Map m)
           
 void setEnabledCiphers(java.lang.String[] ciphers)
           
 void setEnabledProtocols(java.lang.String[] protocols)
           
 void setHostnameVerifier(HostnameVerifier verifier)
           
 void setIsSecure(boolean b)
           
 void setKeyMaterial(KeyMaterial keyMaterial)
           
 void setNeedClientAuth(boolean needClientAuth)
           
 void setSoTimeout(int soTimeout)
           
 void setSSLWrapperFactory(SSLWrapperFactory wf)
           
 void setTrustMaterial(TrustChain trustChain)
           
 void setUseClientMode(boolean useClientMode)
           
 void setWantClientAuth(boolean wantClientAuth)
           
 void useDefaultJavaCiphers()
           
 void useStrongCiphers()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

KNOWN_PROTOCOLS

private static final java.lang.String[] KNOWN_PROTOCOLS

SUPPORTED_CIPHERS

private static final java.lang.String[] SUPPORTED_CIPHERS

KNOWN_PROTOCOLS_SET

public static final java.util.SortedSet KNOWN_PROTOCOLS_SET

SUPPORTED_CIPHERS_SET

public static final java.util.SortedSet SUPPORTED_CIPHERS_SET

SSL_RSA_WITH_RC4_128_SHA

public static final java.lang.String SSL_RSA_WITH_RC4_128_SHA
Caveat: RC4 is prohibited for TLS by RFC 7465 (2015) and is disabled by default in modern JDKs; do not include this suite in a list passed to setEnabledCiphers unless interoperating with a legacy peer is an explicit, documented requirement.
See Also:
Constant Field Values

SSL_RSA_WITH_3DES_EDE_CBC_SHA

public static final java.lang.String SSL_RSA_WITH_3DES_EDE_CBC_SHA
Caveat: 3DES has a 64-bit block size, so long-lived connections using any of the 3DES suites are exposed to the Sweet32 birthday attack (CVE-2016-2183); prefer the AES suites listed below.
See Also:
Constant Field Values

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

public static final java.lang.String SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

public static final java.lang.String SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_AES_128_CBC_SHA

public static final java.lang.String TLS_RSA_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

public static final java.lang.String TLS_DHE_RSA_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

public static final java.lang.String TLS_DHE_DSS_WITH_AES_128_CBC_SHA
See Also:
Constant Field Values

TLS_RSA_WITH_AES_256_CBC_SHA

public static final java.lang.String TLS_RSA_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

public static final java.lang.String TLS_DHE_RSA_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

public static final java.lang.String TLS_DHE_DSS_WITH_AES_256_CBC_SHA
See Also:
Constant Field Values

sslContext

private java.lang.Object sslContext

initCount

private int initCount

socketFactory

private javax.net.ssl.SSLSocketFactory socketFactory

serverSocketFactory

private javax.net.ssl.SSLServerSocketFactory serverSocketFactory

hostnameVerifier

private HostnameVerifier hostnameVerifier

isSecure

private boolean isSecure

checkHostname

private boolean checkHostname

checkCRL

private boolean checkCRL

checkExpiry

private boolean checkExpiry

useClientMode

private boolean useClientMode

useClientModeDefault

private boolean useClientModeDefault

soTimeout

private int soTimeout

connectTimeout

private int connectTimeout

trustChain

private TrustChain trustChain

keyMaterial

private KeyMaterial keyMaterial

enabledCiphers

private java.lang.String[] enabledCiphers

enabledProtocols

private java.lang.String[] enabledProtocols

defaultProtocol

private java.lang.String defaultProtocol

currentServerChain

private java.security.cert.X509Certificate[] currentServerChain

currentClientChain

private java.security.cert.X509Certificate[] currentClientChain

wantClientAuth

private boolean wantClientAuth

needClientAuth

private boolean needClientAuth

sslWrapperFactory

private SSLWrapperFactory sslWrapperFactory

dnsOverride

private java.util.Map dnsOverride

usingSystemProperties

protected final boolean usingSystemProperties
Constructor Detail

SSL

public SSL()
    throws java.security.GeneralSecurityException,
           java.io.IOException
Throws:
java.security.GeneralSecurityException
java.io.IOException
Method Detail

dirty

private void dirty()

dirtyAndReloadIfYoung

private void dirtyAndReloadIfYoung()
                            throws java.security.NoSuchAlgorithmException,
                                   java.security.KeyStoreException,
                                   java.security.KeyManagementException,
                                   java.io.IOException,
                                   java.security.cert.CertificateException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException

dnsOverride

java.lang.String dnsOverride(java.lang.String host)

setDnsOverride

public void setDnsOverride(java.util.Map m)
Caveat (review): judging by the name, entries in this map replace normal DNS resolution for the matching host names. Populate it only from trusted configuration, never from request data, and confirm how an overridden host interacts with hostname verification before relying on it in production.

setIsSecure

public void setIsSecure(boolean b)

isSecure

public boolean isSecure()

getSSLContext

public javax.net.ssl.SSLContext getSSLContext()
                                       throws java.security.GeneralSecurityException,
                                              java.io.IOException
Throws:
java.security.GeneralSecurityException
java.io.IOException

getSSLContextAsObject

public java.lang.Object getSSLContextAsObject()
                                       throws java.security.GeneralSecurityException,
                                              java.io.IOException
Returns:
com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending on the JSSE implementation we're using.
Throws:
java.security.GeneralSecurityException - problem creating SSLContext
java.io.IOException - problem creating SSLContext

addTrustMaterial

public void addTrustMaterial(TrustChain trustChain)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.KeyStoreException,
                             java.security.KeyManagementException,
                             java.io.IOException,
                             java.security.cert.CertificateException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException

setTrustMaterial

public void setTrustMaterial(TrustChain trustChain)
                      throws java.security.NoSuchAlgorithmException,
                             java.security.KeyStoreException,
                             java.security.KeyManagementException,
                             java.io.IOException,
                             java.security.cert.CertificateException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException

setKeyMaterial

public void setKeyMaterial(KeyMaterial keyMaterial)
                    throws java.security.NoSuchAlgorithmException,
                           java.security.KeyStoreException,
                           java.security.KeyManagementException,
                           java.io.IOException,
                           java.security.cert.CertificateException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException

getAssociatedCertificateChain

public java.security.cert.X509Certificate[] getAssociatedCertificateChain()

getEnabledCiphers

public java.lang.String[] getEnabledCiphers()

useDefaultJavaCiphers

public void useDefaultJavaCiphers()

useStrongCiphers

public void useStrongCiphers()

setEnabledCiphers

public void setEnabledCiphers(java.lang.String[] ciphers)

getEnabledProtocols

public java.lang.String[] getEnabledProtocols()

setEnabledProtocols

public void setEnabledProtocols(java.lang.String[] protocols)

getDefaultProtocol

public java.lang.String getDefaultProtocol()

setDefaultProtocol

public void setDefaultProtocol(java.lang.String protocol)

getCheckHostname

public boolean getCheckHostname()

setCheckHostname

public void setCheckHostname(boolean checkHostname)
Appears to control whether the peer certificate is matched against the requested host name. When false, any certificate chaining to a trusted root is accepted for any host, which removes the protection against an attacker holding a valid certificate for some other name; disable only in test environments.

setHostnameVerifier

public void setHostnameVerifier(HostnameVerifier verifier)
Note: installing a permissive verifier (one that accepts every host) has the same effect as turning hostname checking off entirely; treat such a verifier as a test-only setting.

getHostnameVerifier

public HostnameVerifier getHostnameVerifier()

getCheckCRL

public boolean getCheckCRL()

setCheckCRL

public void setCheckCRL(boolean checkCRL)
Appears to control whether certificate revocation lists are consulted. When false, a revoked (e.g. key-compromised) certificate that is otherwise valid will still be accepted.

getCheckExpiry

public boolean getCheckExpiry()

setCheckExpiry

public void setCheckExpiry(boolean checkExpiry)
Appears to control whether the certificate validity period is enforced. When false, expired and not-yet-valid certificates are accepted.

setSoTimeout

public void setSoTimeout(int soTimeout)

getSoTimeout

public int getSoTimeout()

setConnectTimeout

public void setConnectTimeout(int connectTimeout)

setUseClientMode

public void setUseClientMode(boolean useClientMode)

getUseClientModeDefault

public boolean getUseClientModeDefault()

getUseClientMode

public boolean getUseClientMode()

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

getWantClientAuth

public boolean getWantClientAuth()

getNeedClientAuth

public boolean getNeedClientAuth()

getSSLWrapperFactory

public SSLWrapperFactory getSSLWrapperFactory()

setSSLWrapperFactory

public void setSSLWrapperFactory(SSLWrapperFactory wf)

initThrowRuntime

private void initThrowRuntime()

init

private void init()
           throws java.security.NoSuchAlgorithmException,
                  java.security.KeyStoreException,
                  java.security.KeyManagementException,
                  java.io.IOException,
                  java.security.cert.CertificateException
Throws:
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
java.security.KeyManagementException
java.io.IOException
java.security.cert.CertificateException

doPreConnectSocketStuff

public void doPreConnectSocketStuff(java.net.Socket s)
                             throws java.io.IOException
Throws:
java.io.IOException

doPostConnectSocketStuff

public void doPostConnectSocketStuff(java.net.Socket s,
                                     java.lang.String host)
                              throws java.io.IOException
Throws:
java.io.IOException

createSocket

public java.net.Socket createSocket()
                             throws java.io.IOException
Throws:
java.io.IOException

createSocket

public java.net.Socket createSocket(java.lang.String remoteHost,
                                    int remotePort,
                                    java.net.InetAddress localHost,
                                    int localPort,
                                    int timeout)
                             throws java.io.IOException
Attempts to get a new socket connection to the given host within the given time limit.

Parameters:
remoteHost - the host name/IP
remotePort - the port on the host
localHost - the local host name/IP to bind the socket to
localPort - the port on the local machine
timeout - the connection timeout in milliseconds (0 == wait indefinitely; note that an infinite timeout lets an unresponsive peer block the caller for as long as the TCP stack allows)
Returns:
Socket a new socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket
java.net.UnknownHostException - if the IP address of the host cannot be determined

createSocket

public java.net.Socket createSocket(java.net.Socket s,
                                    java.lang.String remoteHost,
                                    int remotePort,
                                    boolean autoClose)
                             throws java.io.IOException
Throws:
java.io.IOException

createServerSocket

public java.net.ServerSocket createServerSocket()
                                         throws java.io.IOException
Throws:
java.io.IOException

createServerSocket

public java.net.ServerSocket createServerSocket(int port,
                                                int backlog,
                                                java.net.InetAddress localHost)
                                         throws java.io.IOException
Creates a new SSL server socket bound to the given local address and port with the given accept() backlog.

Parameters:
localHost - the local host name/IP to bind against (null == ANY)
port - the port to listen on
backlog - number of connections allowed to queue up for accept().
Returns:
SSLServerSocket a new server socket
Throws:
java.io.IOException - if an I/O error occurs while creating the socket

doPreConnectServerSocketStuff

public void doPreConnectServerSocketStuff(javax.net.ssl.SSLServerSocket s)
                                   throws java.io.IOException
Throws:
java.io.IOException

getSSLSocketFactory

public javax.net.ssl.SSLSocketFactory getSSLSocketFactory()

getSSLServerSocketFactory

public javax.net.ssl.SSLServerSocketFactory getSSLServerSocketFactory()

getConnectTimeout

public int getConnectTimeout()

getDefaultCipherSuites

public java.lang.String[] getDefaultCipherSuites()

getSupportedCipherSuites

public java.lang.String[] getSupportedCipherSuites()

getTrustChain

public TrustChain getTrustChain()

setCurrentServerChain

public void setCurrentServerChain(java.security.cert.X509Certificate[] chain)

setCurrentClientChain

public void setCurrentClientChain(java.security.cert.X509Certificate[] chain)

getCurrentServerChain

public java.security.cert.X509Certificate[] getCurrentServerChain()

getCurrentClientChain

public java.security.cert.X509Certificate[] getCurrentClientChain()

main

public static void main(java.lang.String[] args)

addCipher

private static void addCipher(java.util.List l,
                              java.lang.String c,
                              boolean printOnStandardOut)