org.restlet.ext.ssl
Class DefaultSslContextFactory

java.lang.Object
  extended by org.restlet.ext.ssl.SslContextFactory
      extended by org.restlet.ext.ssl.DefaultSslContextFactory

public class DefaultSslContextFactory
extends SslContextFactory

This SslContextFactory makes it possible to configure most basic options when building an SSLContext. See the init(Series) method for the list of parameters supported by this factory when configuring your HTTP client or server connector. Here is the list of SSL related parameters that are also supported:

Parameter name Value type Default value Description
disabledCipherSuites String null Whitespace-separated list of disabled cipher suites and/or can be specified multiple times. It affects the cipher suites manually enabled or the default ones.
disabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) TLS Whitespace-separated list of disabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
enabledCipherSuites String null Whitespace-separated list of enabled cipher suites and/or can be specified multiple times
enabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) TLS Whitespace-separated list of enabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
keyManagerAlgorithm String System property "ssl.KeyManagerFactory.algorithm" or "SunX509" Certificate algorithm for the key manager.
keyStorePath String ${user.home}/.keystore SSL keystore path.
keyStorePassword String System property "javax.net.ssl.keyStorePassword" SSL keystore password.
keyStoreType String JKS SSL keystore type
keyPassword String System property "javax.net.ssl.keyStorePassword" SSL key password.
needClientAuthentication boolean false Indicates if we require client certificate authentication. If set to 'true', the "wantClientAuthentication" parameter is ignored.
protocol String TLS (see Java Secure Socket Extension (JSSE) reference guide) SSL protocol used when creating the SSLContext.
secureRandomAlgorithm String null (see java.security.SecureRandom) Name of the RNG algorithm. (see java.security.SecureRandom class)
trustManagerAlgorithm String System property "ssl.TrustManagerFactory.algorithm" or "SunX509" Certificate algorithm for the trust manager.
trustStorePassword String System property "javax.net.ssl.trustStorePassword" Trust store password
trustStorePath String null Path to trust store
trustStoreType String System property "javax.net.ssl.trustStoreType" Trust store type
wantClientAuthentication boolean false Indicates if we would like client certificate authentication. Only taken into account if the "needClientAuthentication" parameter is 'false'.

In short, two instances of KeyStore are used when configuring an SSLContext: the key store (which contains the public and private keys and certificates to be used locally) and the trust store (which generally holds the CA certificates to be trusted when connecting to a remote host). Both keystore and trust store are KeyStores. When not explicitly set using the setters of this class, the values will default to the default system properties, following the behavior described in the JSSE reference guide.

There is more information in the JSSE Reference Guide.

Author:
Bruno Harbulot (Bruno.Harbulot@manchester.ac.uk)
See Also:
SSLContext, KeyStore, JSSE Reference - Standard names

Constructor Summary
DefaultSslContextFactory()
           
 
Method Summary
protected  DefaultSslContextFactory clone()
          This class is likely to contain sensitive information; cloning is therefore not allowed.
 SSLContext createSslContext()
          Creates a configured and initialized SSLContext from the values set via the various setters of this class.
protected  SSLContext createWrapper(SSLContext sslContext)
          Creates a new SSLContext wrapper.
 String[] getDisabledCipherSuites()
          Returns the whitespace-separated list of disabled cipher suites.
 String[] getDisabledProtocols()
          Returns the whitespace-separated list of disabled SSL protocols.
 String[] getEnabledCipherSuites()
          Returns the whitespace-separated list of enabled cipher suites.
 String[] getEnabledProtocols()
          Returns the whitespace-separated list of enabled SSL protocols.
 String getKeyManagerAlgorithm()
          Returns the name of the KeyManager algorithm.
 char[] getKeyStoreKeyPassword()
          Returns the password for the key in the keystore (as a String).
 char[] getKeyStorePassword()
          Returns the password for the keystore (as a String).
 String getKeyStorePath()
          Returns the path to the KeyStore file.
 String getKeyStoreProvider()
          Returns the name of the keystore provider.
 String getKeyStoreType()
          Returns the keyStore type of the keystore.
 String getProtocol()
          Returns the secure socket protocol name, "TLS" by default.
 String getSecureRandomAlgorithm()
          Returns the name of the SecureRandom algorithm.
 String[] getSelectedCipherSuites(String[] supportedCipherSuites)
          Returns the selected cipher suites.
 String[] getSelectedSslProtocols(String[] supportedProtocols)
          Returns the selected SSL protocols.
 String getTrustManagerAlgorithm()
          Returns the name of the TrustManager algorithm.
 char[] getTrustStorePassword()
          Returns the password for the trust store keystore.
 String getTrustStorePath()
          Returns the path to the trust store (keystore) file.
 String getTrustStoreProvider()
          Returns the name of the trust store (keystore) provider.
 String getTrustStoreType()
          Returns the KeyStore type of the trust store.
 void init(Series<Parameter> helperParameters)
          Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters.
 boolean isNeedClientAuthentication()
          Indicates if we require client certificate authentication.
 boolean isWantClientAuthentication()
          Indicates if we would like client certificate authentication.
 void setDisabledCipherSuites(String[] disabledCipherSuites)
          Sets the whitespace-separated list of disabled cipher suites.
 void setDisabledProtocols(String[] disabledProtocols)
          Sets the whitespace-separated list of disabled SSL protocols.
 void setEnabledCipherSuites(String[] enabledCipherSuites)
          Sets the whitespace-separated list of enabled cipher suites.
 void setEnabledProtocols(String[] enabledProtocols)
          Sets the standard name of the protocols to use when creating the SSL sockets or engines.
 void setKeyManagerAlgorithm(String keyManagerAlgorithm)
          Sets the KeyManager algorithm.
 void setKeyStoreKeyPassword(char[] keyStoreKeyPassword)
          Sets the password of the key in the keystore.
 void setKeyStoreKeyPassword(String keyStoreKeyPassword)
          Sets the password of the key in the keystore.
 void setKeyStorePassword(char[] keyStorePassword)
          Sets the keystore password.
 void setKeyStorePassword(String keyStorePassword)
          Sets the keystore password.
 void setKeyStorePath(String keyStorePath)
          Sets the path to the keystore file.
 void setKeyStoreProvider(String keyStoreProvider)
          Sets the name of the keystore provider.
 void setKeyStoreType(String keyStoreType)
          Sets the KeyStore type of the keystore.
 void setNeedClientAuthentication(boolean needClientAuthentication)
          Indicates if we require client certificate authentication.
 void setProtocol(String protocol)
          Sets the secure socket protocol name, "TLS" by default.
 void setSecureRandomAlgorithm(String secureRandomAlgorithm)
          Sets the SecureRandom algorithm.
 void setTrustManagerAlgorithm(String trustManagerAlgorithm)
          Sets the TrustManager algorithm.
 void setTrustStorePassword(char[] trustStorePassword)
          Sets the password of the trust store KeyStore.
 void setTrustStorePassword(String trustStorePassword)
          Sets the password of the trust store KeyStore.
 void setTrustStorePath(String trustStorePath)
          Sets the path to the trust store KeyStore.
 void setTrustStoreProvider(String trustStoreProvider)
          Sets the name of the trust store provider.
 void setTrustStoreType(String trustStoreType)
          Sets the KeyStore type of the trust store.
 void setWantClientAuthentication(boolean wantClientAuthentication)
          Indicates if we would like client certificate authentication.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultSslContextFactory

public DefaultSslContextFactory()
Method Detail

clone

protected final DefaultSslContextFactory clone()
                                        throws CloneNotSupportedException
This class is likely to contain sensitive information; cloning is therefore not allowed.

Overrides:
clone in class Object
Throws:
CloneNotSupportedException

createSslContext

public SSLContext createSslContext()
                            throws Exception
Creates a configured and initialized SSLContext from the values set via the various setters of this class. If keyStorePath, keyStoreProvider, keyStoreType are all null, the SSLContext will be initialized with a null array of KeyManagers. Similarly, if trustStorePath, trustStoreProvider, trustStoreType are all null, a null array of TrustManagers will be used.

Specified by:
createSslContext in class SslContextFactory
Returns:
A configured and initialized SSLContext.
Throws:
Exception
See Also:
SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

createWrapper

protected SSLContext createWrapper(SSLContext sslContext)
Creates a new SSLContext wrapper. Necessary to properly initialize the SSLEngine or SSLSocketFactory or SSLServerSocketFactory created.

Parameters:
sslContext - The SSL context to wrap.
Returns:
The SSL context wrapper.

getDisabledCipherSuites

public String[] getDisabledCipherSuites()
Returns the whitespace-separated list of disabled cipher suites.

Returns:
The whitespace-separated list of disabled cipher suites.

getDisabledProtocols

public String[] getDisabledProtocols()
Returns the whitespace-separated list of disabled SSL protocols.

Returns:
The whitespace-separated list of disabled SSL protocols.

getEnabledCipherSuites

public String[] getEnabledCipherSuites()
Returns the whitespace-separated list of enabled cipher suites.

Returns:
The whitespace-separated list of enabled cipher suites.

getEnabledProtocols

public String[] getEnabledProtocols()
Returns the whitespace-separated list of enabled SSL protocols.

Returns:
The whitespace-separated list of enabled SSL protocols.

getKeyManagerAlgorithm

public String getKeyManagerAlgorithm()
Returns the name of the KeyManager algorithm.

Returns:
The name of the KeyManager algorithm.

getKeyStoreKeyPassword

public char[] getKeyStoreKeyPassword()
Returns the password for the key in the keystore (as a String).

Returns:
The password for the key in the keystore (as a String).

getKeyStorePassword

public char[] getKeyStorePassword()
Returns the password for the keystore (as a String).

Returns:
The password for the keystore (as a String).

getKeyStorePath

public String getKeyStorePath()
Returns the path to the KeyStore file.

Returns:
The path to the KeyStore file.

getKeyStoreProvider

public String getKeyStoreProvider()
Returns the name of the keystore provider.

Returns:
The name of the keystore provider.

getKeyStoreType

public String getKeyStoreType()
Returns the keyStore type of the keystore.

Returns:
The keyStore type of the keystore.

getProtocol

public String getProtocol()
Returns the secure socket protocol name, "TLS" by default.

Returns:
The secure socket protocol.

getSecureRandomAlgorithm

public String getSecureRandomAlgorithm()
Returns the name of the SecureRandom algorithm.

Returns:
The name of the SecureRandom algorithm.

getSelectedCipherSuites

public String[] getSelectedCipherSuites(String[] supportedCipherSuites)
Returns the selected cipher suites. The selection is the subset of supported suites that are both in the enable suites and out of the disabled suites.

Parameters:
supportedCipherSuites - The initial cipher suites to restrict.
Returns:
The selected cipher suites.

getSelectedSslProtocols

public String[] getSelectedSslProtocols(String[] supportedProtocols)
Returns the selected SSL protocols. The selection is the subset of supported protocols whose name starts with the name of of #getSslProtocol() name.

Parameters:
supportedProtocols - The selected SSL protocols.
Returns:
The selected SSL protocols.

getTrustManagerAlgorithm

public String getTrustManagerAlgorithm()
Returns the name of the TrustManager algorithm.

Returns:
The name of the TrustManager algorithm.

getTrustStorePassword

public char[] getTrustStorePassword()
Returns the password for the trust store keystore.

Returns:
The password for the trust store keystore.

getTrustStorePath

public String getTrustStorePath()
Returns the path to the trust store (keystore) file.

Returns:
The path to the trust store (keystore) file.

getTrustStoreProvider

public String getTrustStoreProvider()
Returns the name of the trust store (keystore) provider.

Returns:
The name of the trust store (keystore) provider.

getTrustStoreType

public String getTrustStoreType()
Returns the KeyStore type of the trust store.

Returns:
The KeyStore type of the trust store.

init

public void init(Series<Parameter> helperParameters)
Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters. See class Javadocs for the list of parameters supported.

Specified by:
init in class SslContextFactory
Parameters:
helperParameters - Typically, the parameters that would have been obtained from HttpsServerHelper.getParameters()

isNeedClientAuthentication

public boolean isNeedClientAuthentication()
Indicates if we require client certificate authentication.

Returns:
True if we require client certificate authentication.

isWantClientAuthentication

public boolean isWantClientAuthentication()
Indicates if we would like client certificate authentication.

Returns:
True if we would like client certificate authentication.

setDisabledCipherSuites

public void setDisabledCipherSuites(String[] disabledCipherSuites)
Sets the whitespace-separated list of disabled cipher suites.

Parameters:
disabledCipherSuites - The whitespace-separated list of disabled cipher suites.

setDisabledProtocols

public void setDisabledProtocols(String[] disabledProtocols)
Sets the whitespace-separated list of disabled SSL protocols.

Parameters:
disabledProtocols - The whitespace-separated list of disabled SSL protocols.

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] enabledCipherSuites)
Sets the whitespace-separated list of enabled cipher suites.

Parameters:
enabledCipherSuites - The whitespace-separated list of enabled cipher suites.

setEnabledProtocols

public void setEnabledProtocols(String[] enabledProtocols)
Sets the standard name of the protocols to use when creating the SSL sockets or engines.

Parameters:
enabledProtocols - The standard name of the protocols to use when creating the SSL sockets or engines.

setKeyManagerAlgorithm

public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
Sets the KeyManager algorithm. The default value is that of the ssl.KeyManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:
keyManagerAlgorithm - The KeyManager algorithm.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(char[] keyStoreKeyPassword)
Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:
keyStoreKeyPassword - The password of the key in the keystore.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(String keyStoreKeyPassword)
Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:
keyStoreKeyPassword - The password of the key in the keystore.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)
Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:
keyStorePassword - Sets the keystore password.

setKeyStorePassword

public void setKeyStorePassword(String keyStorePassword)
Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:
keyStorePassword - Sets the keystore password.

setKeyStorePath

public void setKeyStorePath(String keyStorePath)
Sets the path to the keystore file. The default value is that of the javax.net.ssl.keyStore system property.

Parameters:
keyStorePath - The path to the keystore file.

setKeyStoreProvider

public void setKeyStoreProvider(String keyStoreProvider)
Sets the name of the keystore provider. The default value is that of the javax.net.ssl.keyStoreProvider system property.

Parameters:
keyStoreProvider - The name of the keystore provider.

setKeyStoreType

public void setKeyStoreType(String keyStoreType)
Sets the KeyStore type of the keystore. The default value is that of the javax.net.ssl.keyStoreType system property.

Parameters:
keyStoreType - The KeyStore type of the keystore.

setNeedClientAuthentication

public void setNeedClientAuthentication(boolean needClientAuthentication)
Indicates if we require client certificate authentication. The default value is false.

Parameters:
needClientAuthentication - True if we require client certificate authentication.

setProtocol

public void setProtocol(String protocol)
Sets the secure socket protocol name, "TLS" by default.

Parameters:
protocol - Name of the secure socket protocol to use.

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(String secureRandomAlgorithm)
Sets the SecureRandom algorithm. The default value is null, in which case the default SecureRandom would be used.

Parameters:
secureRandomAlgorithm - The SecureRandom algorithm.

setTrustManagerAlgorithm

public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
Sets the TrustManager algorithm. The default value is that of the ssl.TrustManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:
trustManagerAlgorithm - The TrustManager algorithm.

setTrustStorePassword

public void setTrustStorePassword(char[] trustStorePassword)
Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:
trustStorePassword - The password of the trust store KeyStore.

setTrustStorePassword

public void setTrustStorePassword(String trustStorePassword)
Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:
trustStorePassword - The password of the trust store KeyStore.

setTrustStorePath

public void setTrustStorePath(String trustStorePath)
Sets the path to the trust store KeyStore. The default value is that of the javax.net.ssl.trustStore system property.

Parameters:
trustStorePath - The trustStorePath to set

setTrustStoreProvider

public void setTrustStoreProvider(String trustStoreProvider)
Sets the name of the trust store provider. The default value is that of the javax.net.ssl.trustStoreProvider system property.

Parameters:
trustStoreProvider - The name of the trust store provider.

setTrustStoreType

public void setTrustStoreType(String trustStoreType)
Sets the KeyStore type of the trust store. The default value is that of the javax.net.ssl.trustStoreType system property.

Parameters:
trustStoreType - The KeyStore type of the trust store.

setWantClientAuthentication

public void setWantClientAuthentication(boolean wantClientAuthentication)
Indicates if we would like client certificate authentication. The default value is false.

Parameters:
wantClientAuthentication - True if we would like client certificate authentication.


Copyright © 2005-2013 Restlet.