Package tigase.io

Class SSLContextContainer

java.lang.Object

tigase.io.SSLContextContainerAbstract

tigase.io.SSLContextContainer

All Implemented Interfaces:

SSLContextContainerIfc, Initializable, Lifecycle

Direct Known Subclasses:

SSLContextContainer.Root

@Bean(name="sslContextContainer",
      parent=ConnectionManager.class,
      active=true)
public class SSLContextContainer
extends SSLContextContainerAbstract
implements Initializable

Created: Oct 15, 2010 2:40:49 PM

Author:

Artur Hefczyc

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	SSLContextContainer.HARDENED_MODE
static class	SSLContextContainer.HardenedModeVHostItemExtension
static class	SSLContextContainer.HardenedModeVHostItemExtensionProvider
static class	SSLContextContainer.Root

Nested classes/interfaces inherited from class tigase.io.SSLContextContainerAbstract

SSLContextContainerAbstract.SSLHolder

Field Summary

Fields

Modifier and Type	Field	Description
protected EventBus	eventBus
protected Map<String,SSLContextContainerAbstract.SSLHolder>	sslContexts
protected VHostManagerIfc	vHostManager

Fields inherited from interface tigase.io.SSLContextContainerIfc

ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL

Constructor Summary

Constructors

Constructor	Description
SSLContextContainer()	Constructor for bean only
SSLContextContainer(CertificateContainerIfc certContainer)	Constructor used to create root SSLContextContainer instance which should cache only SSLContext instances where array of TrustManagers is not set - common for all ConnectionManagers.
SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent)	Constructor used to create instances for every ConnectionManager so that every connection manager can have different TrustManagers and SSLContext instance will still be cached.

Method Summary

Modifier and Type	Method	Description
IOInterface	createIoInterface(String protocol, String local_hostname, String remote_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer)
String[]	getEnabledCiphers(String domain)
String[]	getEnabledProtocols(String domain, boolean client)
SSLContext	getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms)	Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
KeyStore	getTrustStore()	Returns a trust store with all trusted certificates.
void	initialize()	Method will be called, when bean will be created, configured and ready to use.
void	setEnabledCiphers(String[] enabledCiphers)
void	setEnabledProtocols(String[] enabledProtocols)
void	setEphemeralDHKeySize(int ephemeralDHKeySize)
void	setHardenedMode(SSLContextContainer.HARDENED_MODE hardenedMode)
void	setParent(SSLContextContainerIfc parent)
void	setTlsJdkNssBugWorkaround(boolean value)
void	start()
void	stop()

Methods inherited from class tigase.io.SSLContextContainerAbstract

addCertificates, createCertificate, createContextHolder, find, getDefCertAlias, getKeyManagers, getSSLContext, getTrustManagers

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface tigase.io.SSLContextContainerIfc

createIoInterface, getEnabledCiphers, getEnabledProtocols

Field Details

eventBus

@Inject
protected EventBus eventBus

sslContexts

protected Map<String,SSLContextContainerAbstract.SSLHolder> sslContexts

vHostManager

@Inject(nullAllowed=true)
protected VHostManagerIfc vHostManager

Constructor Details

SSLContextContainer

public SSLContextContainer()

Constructor for bean only

SSLContextContainer

public SSLContextContainer(CertificateContainerIfc certContainer)

Constructor used to create root SSLContextContainer instance which should cache only SSLContext instances where array of TrustManagers is not set - common for all ConnectionManagers. This instance is kept by TLSUtil class.

SSLContextContainer

public SSLContextContainer(CertificateContainerIfc certContainer,
 SSLContextContainerIfc parent)

Constructor used to create instances for every ConnectionManager so that every connection manager can have different TrustManagers and SSLContext instance will still be cached.

Method Details

createIoInterface

public IOInterface createIoInterface(String protocol,
 String local_hostname,
 String remote_hostname,
 int port,
 boolean clientMode,
 boolean wantClientAuth,
 boolean needClientAuth,
 ByteOrder byteOrder,
 TrustManager[] x509TrustManagers,
 TLSEventHandler eventHandler,
 IOInterface socketIO,
 CertificateContainerIfc certificateContainer)
                              throws IOException

Specified by:

createIoInterface in interface SSLContextContainerIfc

Throws:

IOException

getEnabledCiphers

public String[] getEnabledCiphers(String domain)

Specified by:

getEnabledCiphers in interface SSLContextContainerIfc

setEnabledCiphers

public void setEnabledCiphers(String[] enabledCiphers)

getEnabledProtocols

public String[] getEnabledProtocols(String domain,
 boolean client)

Specified by:

getEnabledProtocols in interface SSLContextContainerIfc

setEnabledProtocols

public void setEnabledProtocols(String[] enabledProtocols)

setEphemeralDHKeySize

public void setEphemeralDHKeySize(int ephemeralDHKeySize)

getSSLContext

public SSLContext getSSLContext(String protocol,
 String hostname,
 boolean clientMode,
 TrustManager[] tms)

Description copied from interface: SSLContextContainerIfc

Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.

Specified by:

getSSLContext in interface SSLContextContainerIfc

Parameters:

protocol - a String is either 'SSL' or 'TLS' value.

hostname - a String value keeps a hostname or domain for SSLContext.

clientMode - if set SSLContext will be created for client mode (ie. creation of server certificate will be skipped if there is no certificate)

tms - array of TrustManagers which should be used to validate remote certificate

Returns:

a SSLContext value

getTrustStore

public KeyStore getTrustStore()

Description copied from interface: SSLContextContainerIfc

Returns a trust store with all trusted certificates.

Specified by:

getTrustStore in interface SSLContextContainerIfc

Overrides:

getTrustStore in class SSLContextContainerAbstract

Returns:

a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.

setHardenedMode

public void setHardenedMode(SSLContextContainer.HARDENED_MODE hardenedMode)

setParent

public void setParent(SSLContextContainerIfc parent)

setTlsJdkNssBugWorkaround

public void setTlsJdkNssBugWorkaround(boolean value)

initialize

public void initialize()

Description copied from interface: Initializable

Method will be called, when bean will be created, configured and ready to use.

Specified by:

initialize in interface Initializable

start

public void start()

Specified by:

start in interface Lifecycle

stop

public void stop()

Specified by:

stop in interface Lifecycle