annotate src/org/eclipse/jetty/util/ssl/SslContextFactory.java @ 1052:4a2489f1d5fe

remove JBuffer.peek()
author Franklin Schmidt <fschmidt@gmail.com>
date Tue, 08 Nov 2016 00:27:16 -0700
parents 35d04ac3fd0b
children
1 //
2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
8 //
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
11 //
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
14 //
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
17 //
18
19 package org.eclipse.jetty.util.ssl;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.File;
24 import java.io.IOException;
25 import java.io.InputStream;
26 import java.net.InetAddress;
27 import java.security.InvalidParameterException;
28 import java.security.KeyStore;
29 import java.security.SecureRandom;
30 import java.security.Security;
31 import java.security.cert.CRL;
32 import java.security.cert.CertStore;
33 import java.security.cert.Certificate;
34 import java.security.cert.CollectionCertStoreParameters;
35 import java.security.cert.PKIXBuilderParameters;
36 import java.security.cert.X509CertSelector;
37 import java.util.Arrays;
38 import java.util.Collection;
39 import java.util.Collections;
40 import java.util.LinkedHashSet;
41 import java.util.List;
42 import java.util.Set;
43 import javax.net.ssl.CertPathTrustManagerParameters;
44 import javax.net.ssl.KeyManager;
45 import javax.net.ssl.KeyManagerFactory;
46 import javax.net.ssl.SSLContext;
47 import javax.net.ssl.SSLEngine;
48 import javax.net.ssl.SSLServerSocket;
49 import javax.net.ssl.SSLServerSocketFactory;
50 import javax.net.ssl.SSLSocket;
51 import javax.net.ssl.SSLSocketFactory;
52 import javax.net.ssl.TrustManager;
53 import javax.net.ssl.TrustManagerFactory;
54 import javax.net.ssl.X509KeyManager;
55 import javax.net.ssl.X509TrustManager;
56
57 import org.eclipse.jetty.util.IO;
58 import org.eclipse.jetty.util.component.AbstractLifeCycle;
59 import org.slf4j.Logger;
60 import org.slf4j.LoggerFactory;
61 import org.eclipse.jetty.util.resource.Resource;
62 import org.eclipse.jetty.util.security.CertificateUtils;
63 import org.eclipse.jetty.util.security.CertificateValidator;
64 import org.eclipse.jetty.util.security.Password;
65
66
67 /* ------------------------------------------------------------ */
68 /**
69 * SslContextFactory is used to configure SSL connectors
70 * as well as HttpClient. It holds all SSL parameters and
71 * creates SSL context based on these parameters to be
72 * used by the SSL connectors.
73 */
74 public class SslContextFactory extends AbstractLifeCycle
75 {
/**
 * Trust managers that accept every certificate chain without inspecting it.
 * <p>
 * The single {@link X509TrustManager} held here has empty
 * {@code checkClientTrusted} and {@code checkServerTrusted} bodies, so neither
 * method can ever throw and no peer is ever rejected. A TLS connection built
 * on it is encrypted but not authenticated: whatever certificate the other
 * side presents is accepted, which leaves the connection open to interception
 * by an on-path party. Keep its use to tests and closed environments, and
 * configure a real trust store wherever peer identity matters.
 * <p>
 * The array is public and its element can be reassigned by any caller.
 */
public static final TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]
{
    new X509TrustManager()
    {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers()
        {
            // An empty issuer list is reported.
            return new java.security.cert.X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
        {
            // Intentionally empty: returning normally means "trusted".
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
        {
            // Intentionally empty: returning normally means "trusted".
        }
    }
};
/** SLF4J logger for this class. */
private static final Logger LOG = LoggerFactory.getLogger(SslContextFactory.class);
/**
 * Default key manager factory algorithm: the value of the
 * {@code ssl.KeyManagerFactory.algorithm} security property when it is set,
 * otherwise {@code "SunX509"}.
 */
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
    Security.getProperty("ssl.KeyManagerFactory.algorithm") != null
        ? Security.getProperty("ssl.KeyManagerFactory.algorithm")
        : "SunX509";

/**
 * Default trust manager factory algorithm: the value of the
 * {@code ssl.TrustManagerFactory.algorithm} security property when it is set,
 * otherwise {@code "SunX509"}.
 */
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM =
    Security.getProperty("ssl.TrustManagerFactory.algorithm") != null
        ? Security.getProperty("ssl.TrustManagerFactory.algorithm")
        : "SunX509";

/** Default keystore location: {@code .keystore} in the directory named by {@code user.home}. */
public static final String DEFAULT_KEYSTORE_PATH =
    System.getProperty("user.home") + File.separator + ".keystore";

/**
 * Name of the key password property.
 * NOTE(review): where this property is read is not visible here; if it is a
 * system property, a secret supplied through it may be exposed to anything
 * that can read the process arguments or properties - confirm against the reader.
 */
public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";

/**
 * Name of the keystore password property.
 * NOTE(review): the exposure concern noted for the key password property
 * presumably applies here as well - confirm against the reader.
 */
public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
/**
 * Protocol names to exclude. Starts empty, so nothing in this declaration
 * rules out older protocol versions.
 * NOTE(review): confirm whether the rest of the class or its callers populate it.
 */
private final Set<String> _excludeProtocols = new LinkedHashSet<String>();
/** Protocol names to include; {@code null} until assigned. */
private Set<String> _includeProtocols;

/**
 * Cipher suite names to exclude. Starts empty, so nothing in this declaration
 * rules out weak suites.
 * NOTE(review): confirm whether the rest of the class or its callers populate it.
 */
private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>();
/** Cipher suite names to include; {@code null} until assigned. */
private Set<String> _includeCipherSuites;

/** Location of the keystore. */
private String _keyStorePath;
/** Name of the keystore provider. */
private String _keyStoreProvider;
/** Keystore type; {@code "JKS"} unless changed. */
private String _keyStoreType = "JKS";
/** Stream from which the keystore is read. */
private InputStream _keyStoreInputStream;

/** Alias of the SSL certificate. */
private String _certAlias;

/** Location of the truststore. */
private String _trustStorePath;
/** Name of the truststore provider. */
private String _trustStoreProvider;
/** Truststore type; {@code "JKS"} unless changed. */
private String _trustStoreType = "JKS";
/** Stream from which the truststore is read. */
private InputStream _trustStoreInputStream;
/** True when client certificate authentication is required; false by default. */
private boolean _needClientAuth;
/** True when client certificate authentication is desired; false by default. */
private boolean _wantClientAuth;

/**
 * True when renegotiation is allowed. Note that the default is {@code true}.
 * NOTE(review): how the flag is enforced is outside this view; deployments
 * that do not need renegotiation may prefer to switch it off - confirm.
 */
private boolean _allowRenegotiate = true;

/** Keystore password; {@code transient}, so excluded from Java serialization. */
private transient Password _keyStorePassword;
/** Key manager password; {@code transient}, so excluded from Java serialization. */
private transient Password _keyManagerPassword;
/** Truststore password; {@code transient}, so excluded from Java serialization. */
private transient Password _trustStorePassword;

/** Name of the SSL provider. */
private String _sslProvider;
/**
 * Name of the SSL protocol; {@code "TLS"} unless changed.
 * NOTE(review): this generic name does not pin a protocol version; the
 * versions actually enabled presumably depend on the JVM and on the
 * include/exclude protocol sets - confirm.
 */
private String _sslProtocol = "TLS";

/** Name of the SecureRandom algorithm. */
private String _secureRandomAlgorithm;
/** KeyManager factory algorithm; starts as DEFAULT_KEYMANAGERFACTORY_ALGORITHM. */
private String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
/** TrustManager factory algorithm; starts as DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM. */
private String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
/** True when SSL certificate validation is required. No initializer, so it starts false. */
private boolean _validateCerts;
/** True when validation of the peer's SSL certificate is required. No initializer, so it starts false. */
private boolean _validatePeerCerts;
/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited). */
private int _maxCertPathLength = -1;
/** Path to the file that contains the Certificate Revocation List. */
private String _crlPath;
/** True to enable CRL Distribution Points (CRLDP) support; off by default. */
private boolean _enableCRLDP;
/** True to enable On-Line Certificate Status Protocol (OCSP) support; off by default. */
private boolean _enableOCSP;
/** Location of the OCSP responder. */
private String _ocspResponderURL;
// Taken together: validation and both revocation mechanisms start disabled,
// so a factory left at these defaults performs none of them unless the
// corresponding flag is switched on elsewhere.
/** The SSL keystore. */
private KeyStore _keyStore;
/** The SSL truststore. */
private KeyStore _trustStore;
/** True to enable SSL session caching; on by default. */
private boolean _sessionCachingEnabled = true;
/** SSL session cache size. */
private int _sslSessionCacheSize;
/** SSL session timeout. */
private int _sslSessionTimeout;

/** The SSL context. */
private SSLContext _context;

/**
 * Trust-all switch. It has no initializer, so it is false unless a
 * constructor assigns it; the no-argument constructor assigns true.
 */
private boolean _trustAll;
/* ------------------------------------------------------------ */
/**
 * Creates a factory with the trust-all switch turned on.
 * <p>
 * This is the default constructor, intended for use in XmlConfiguration
 * files. It sets {@code _trustAll} to {@code true}; {@code doStart()} reads
 * that flag when no keystore or truststore has been configured.
 * NOTE(review): the remainder of that branch is outside this view, but it
 * presumably installs {@code TRUST_ALL_CERTS}, in which case a factory built
 * this way does not authenticate its peer. Where peer identity matters, use
 * {@code SslContextFactory(false)} or configure a truststore - confirm
 * against {@code doStart()}.
 */
public SslContextFactory()
{
    this._trustAll = true;
}
/* ------------------------------------------------------------ */
/**
 * Creates a factory with an explicit trust-all setting.
 * <p>
 * Passing {@code true} asks the factory to accept certificates without
 * validating them, which removes peer authentication from the connection;
 * pass {@code false} wherever the peer's identity must be verified.
 *
 * @param trustAll whether to blindly trust all certificates
 * @see #setTrustAll(boolean)
 */
public SslContextFactory(boolean trustAll)
{
    this._trustAll = trustAll;
}
/* ------------------------------------------------------------ */
/**
 * Creates a factory that uses the given keystore location.
 * <p>
 * Only the keystore path is assigned here; {@code _trustAll} is left
 * untouched and therefore stays at its field default of {@code false}.
 *
 * @param keyStorePath default keystore location
 */
public SslContextFactory(String keyStorePath)
{
    this._keyStorePath = keyStorePath;
}
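/* ------------------------------------------------------------ */
/**
 * Creates the SSLContext object when the lifecycle starts.
 * <p>
 * Nothing happens when a context is already set. Otherwise one of two paths is taken:
 * <ul>
 * <li><b>No keystore and no truststore configured</b> (neither object, stream nor path):
 *     the context is initialised without key managers. If {@code _trustAll} is set, the
 *     trust managers are {@code TRUST_ALL_CERTS} and certificate chains are <em>not</em>
 *     validated; this is reported at WARN level so it is visible in a default logging
 *     setup. If {@code _trustAll} is not set, {@code null} trust managers are passed to
 *     {@link SSLContext#init}, which makes the JSSE provider pick its default.</li>
 * <li><b>Anything configured</b>: the stores and CRLs are loaded, the keystore
 *     certificate is optionally validated, the context is initialised from the resulting
 *     key and trust managers, and the enabled protocols and cipher suites are logged.</li>
 * </ul>
 *
 * @throws Exception if certificate validation is enabled and no certificate can be found
 *         for the alias, or if any of the store, validator or JSSE calls fails
 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
 */
@Override
protected void doStart() throws Exception
{
    if (_context != null)
        return; // a context is already present; it is left untouched

    boolean noStoresConfigured =
        _keyStore == null && _keyStoreInputStream == null && _keyStorePath == null &&
        _trustStore == null && _trustStoreInputStream == null && _trustStorePath == null;

    if (noStoresConfigured)
    {
        TrustManager[] trust_managers = null;

        if (_trustAll)
        {
            // SECURITY: from here on every peer certificate is accepted. This was logged at
            // DEBUG, where it is normally invisible; WARN makes the disabled validation
            // show up in logs. The message text is unchanged.
            LOG.warn("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
            // Trust manager that does not validate certificate chains
            trust_managers = TRUST_ALL_CERTS;
        }

        SecureRandom secureRandom = (_secureRandomAlgorithm == null) ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
        // NOTE(review): unlike the configured-store path below, _sslProvider is not consulted
        // here, so the default provider is always used - confirm this is intended.
        _context = SSLContext.getInstance(_sslProtocol);
        _context.init(null, trust_managers, secureRandom);
        return;
    }

    // verify that keystore and truststore
    // parameters are set up correctly
    checkKeyStore();

    KeyStore keyStore = loadKeyStore();
    KeyStore trustStore = loadTrustStore();

    Collection<? extends CRL> crls = loadCRL(_crlPath);

    if (_validateCerts && keyStore != null)
    {
        if (_certAlias == null)
        {
            // Without an explicit alias, one is chosen only when the keystore holds exactly
            // one entry. Note that the chosen alias is stored back into _certAlias.
            List<String> aliases = Collections.list(keyStore.aliases());
            _certAlias = aliases.size() == 1 ? aliases.get(0) : null;
        }

        Certificate cert = _certAlias == null ? null : keyStore.getCertificate(_certAlias);
        if (cert == null)
        {
            throw new Exception("No certificate found in the keystore" + (_certAlias == null ? "" : " for alias " + _certAlias));
        }

        // Validate the server's own certificate against the truststore and CRLs,
        // with the configured path length and revocation (CRLDP / OCSP) settings.
        CertificateValidator validator = new CertificateValidator(trustStore, crls);
        validator.setMaxCertPathLength(_maxCertPathLength);
        validator.setEnableCRLDP(_enableCRLDP);
        validator.setEnableOCSP(_enableOCSP);
        validator.setOcspResponderURL(_ocspResponderURL);
        validator.validate(keyStore, cert);
    }

    KeyManager[] keyManagers = getKeyManagers(keyStore);
    TrustManager[] trustManagers = getTrustManagers(trustStore, crls);

    SecureRandom secureRandom = (_secureRandomAlgorithm == null) ? null : SecureRandom.getInstance(_secureRandomAlgorithm);
    _context = (_sslProvider == null) ? SSLContext.getInstance(_sslProtocol) : SSLContext.getInstance(_sslProtocol, _sslProvider);
    _context.init(keyManagers, trustManagers, secureRandom);

    // The engine is created only to report what the configuration actually enables.
    SSLEngine engine = newSslEngine();

    LOG.info("Enabled Protocols {} of {}", Arrays.asList(engine.getEnabledProtocols()), Arrays.asList(engine.getSupportedProtocols()));
    if (LOG.isDebugEnabled())
        LOG.debug("Enabled Ciphers   {} of {}", Arrays.asList(engine.getEnabledCipherSuites()), Arrays.asList(engine.getSupportedCipherSuites()));
}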
/* ------------------------------------------------------------ */
/**
 * Returns the protocol exclusion list as a freshly allocated array.
 *
 * @return The array of protocol names to exclude from
 * {@link SSLEngine#setEnabledProtocols(String[])}
 */
public String[] getExcludeProtocols()
{
    final String[] excluded = new String[_excludeProtocols.size()];
    return _excludeProtocols.toArray(excluded);
}
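/* ------------------------------------------------------------ */
/**
 * Replaces the protocol exclusion list with the given names.
 * <p>
 * {@code checkNotStarted()} is called first; its definition is outside this excerpt.
 *
 * @param protocols
 *            The array of protocol names to exclude from
 *            {@link SSLEngine#setEnabledProtocols(String[])}
 * @throws NullPointerException if {@code protocols} is {@code null}; the current
 *         exclusion list is then left unchanged
 */
public void setExcludeProtocols(String... protocols)
{
    checkNotStarted();

    // Build the replacement before clearing: Arrays.asList rejects a null array, and failing
    // here keeps the existing exclusions instead of leaving an empty exclusion list behind.
    List<String> replacement = Arrays.asList(protocols);
    _excludeProtocols.clear();
    _excludeProtocols.addAll(replacement);
}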
/* ------------------------------------------------------------ */
/**
 * Adds names to the protocol exclusion list; existing entries are kept.
 *
 * @param protocol Protocol names to add to the set excluded from
 * {@link SSLEngine#setEnabledProtocols(String[])}
 */
public void addExcludeProtocols(String... protocol)
{
    checkNotStarted();
    final List<String> additions = Arrays.asList(protocol);
    _excludeProtocols.addAll(additions);
}
/* ------------------------------------------------------------ */
/**
 * Returns the protocol inclusion list as a freshly allocated array.
 *
 * @return The array of protocol names to include in
 * {@link SSLEngine#setEnabledProtocols(String[])}
 */
public String[] getIncludeProtocols()
{
    final String[] included = new String[_includeProtocols.size()];
    return _includeProtocols.toArray(included);
}
/* ------------------------------------------------------------ */
/**
 * Replaces the protocol inclusion list with a new set built from the given names
 * (insertion order kept, duplicates collapsed).
 *
 * @param protocols
 *            The array of protocol names to include in
 *            {@link SSLEngine#setEnabledProtocols(String[])}
 */
public void setIncludeProtocols(String... protocols)
{
    checkNotStarted();

    final List<String> requested = Arrays.asList(protocols);
    _includeProtocols = new LinkedHashSet<String>(requested);
}
/* ------------------------------------------------------------ */
/**
 * Returns the cipher suite exclusion list as a freshly allocated array.
 *
 * @return The array of cipher suite names to exclude from
 * {@link SSLEngine#setEnabledCipherSuites(String[])}
 */
public String[] getExcludeCipherSuites()
{
    final String[] excluded = new String[_excludeCipherSuites.size()];
    return _excludeCipherSuites.toArray(excluded);
}
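/* ------------------------------------------------------------ */
/**
 * Replaces the cipher suite exclusion list with the given names.
 * <p>
 * {@code checkNotStarted()} is called first; its definition is outside this excerpt.
 *
 * @param cipherSuites
 *            The array of cipher suite names to exclude from
 *            {@link SSLEngine#setEnabledCipherSuites(String[])}
 * @throws NullPointerException if {@code cipherSuites} is {@code null}; the current
 *         exclusion list is then left unchanged
 */
public void setExcludeCipherSuites(String... cipherSuites)
{
    checkNotStarted();

    // Build the replacement before clearing: Arrays.asList rejects a null array, and failing
    // here keeps the existing exclusions instead of leaving an empty exclusion list behind.
    List<String> replacement = Arrays.asList(cipherSuites);
    _excludeCipherSuites.clear();
    _excludeCipherSuites.addAll(replacement);
}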
/* ------------------------------------------------------------ */
/**
 * Adds names to the cipher suite exclusion list; existing entries are kept.
 *
 * @param cipher Cipher names to add to the set excluded from
 * {@link SSLEngine#setEnabledCipherSuites(String[])}
 */
public void addExcludeCipherSuites(String... cipher)
{
    checkNotStarted();
    final List<String> additions = Arrays.asList(cipher);
    _excludeCipherSuites.addAll(additions);
}
/* ------------------------------------------------------------ */
/**
 * Returns the cipher suite inclusion list as a freshly allocated array.
 *
 * @return The array of cipher suite names to include in
 * {@link SSLEngine#setEnabledCipherSuites(String[])}
 */
public String[] getIncludeCipherSuites()
{
    final String[] included = new String[_includeCipherSuites.size()];
    return _includeCipherSuites.toArray(included);
}
/* ------------------------------------------------------------ */
/**
 * Replaces the cipher suite inclusion list with a new set built from the given names
 * (insertion order kept, duplicates collapsed).
 *
 * @param cipherSuites
 *            The array of cipher suite names to include in
 *            {@link SSLEngine#setEnabledCipherSuites(String[])}
 */
public void setIncludeCipherSuites(String... cipherSuites)
{
    checkNotStarted();

    final List<String> requested = Arrays.asList(cipherSuites);
    _includeCipherSuites = new LinkedHashSet<String>(requested);
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured keystore location.
 *
 * @return The file or URL of the SSL Key store.
 */
public String getKeyStorePath()
{
    return this._keyStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Returns the keystore location; reads the same field as {@link #getKeyStorePath()}.
 *
 * @return The file or URL of the SSL Key store.
 * @deprecated Use {@link #getKeyStorePath()}
 */
@Deprecated
public String getKeyStore()
{
    return this._keyStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Sets the keystore location. {@code checkNotStarted()} is called before the value is
 * stored; its definition is outside this excerpt.
 *
 * @param keyStorePath
 *            The file or URL of the SSL Key store.
 */
public void setKeyStorePath(String keyStorePath)
{
    checkNotStarted();

    this._keyStorePath = keyStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Sets the keystore location; writes the same field as {@link #setKeyStorePath(String)}.
 *
 * @param keyStorePath the file system path or URL of the keystore
 * @deprecated Use {@link #setKeyStorePath(String)}
 */
@Deprecated
public void setKeyStore(String keyStorePath)
{
    checkNotStarted();

    this._keyStorePath = keyStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured keystore provider name.
 *
 * @return The provider of the key store
 */
public String getKeyStoreProvider()
{
    return this._keyStoreProvider;
}
/* ------------------------------------------------------------ */
/**
 * Sets the keystore provider name. {@code checkNotStarted()} is called before the value
 * is stored; its definition is outside this excerpt.
 *
 * @param keyStoreProvider
 *            The provider of the key store
 */
public void setKeyStoreProvider(String keyStoreProvider)
{
    checkNotStarted();

    this._keyStoreProvider = keyStoreProvider;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured keystore type.
 *
 * @return The type of the key store (default "JKS")
 */
public String getKeyStoreType()
{
    return this._keyStoreType;
}
/* ------------------------------------------------------------ */
/**
 * Records the key store type.
 * <p>
 * The value is stored unvalidated, so an unsupported type can only surface
 * where the store is opened (outside this method). JKS is the legacy JDK
 * format; the JDK itself defaults to PKCS12 from Java 9 on, so set the type
 * explicitly when the store file is not JKS.
 *
 * @param keyStoreType
 *            The type of the key store (default "JKS")
 */
public void setKeyStoreType(String keyStoreType) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._keyStoreType = keyStoreType;
}
/* ------------------------------------------------------------ */
/**
 * Returns the stream configured as the key store source.
 * <p>
 * The stored reference itself is returned, not a copy: a caller that reads
 * or closes it affects whatever later consumes the same stream. The stream
 * carries private-key material, so it should not be handed to untrusted code.
 *
 * @return the _keyStoreInputStream
 *
 * @deprecated
 */
@Deprecated
public InputStream getKeyStoreInputStream() {
    // checkKeyStore() is defined elsewhere in this class and runs before the
    // field is read; its effect on the stream is not visible from here.
    checkKeyStore();
    return this._keyStoreInputStream;
}
/* ------------------------------------------------------------ */
/**
 * Records the stream to read the key store from.
 * <p>
 * The stream is only stored here; it is neither read nor closed by this
 * method, so its lifetime stays with whoever consumes it later.
 *
 * @param keyStoreInputStream the InputStream to the KeyStore
 *
 * @deprecated Use {@link #setKeyStore(KeyStore)}
 */
@Deprecated
public void setKeyStoreInputStream(InputStream keyStoreInputStream) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._keyStoreInputStream = keyStoreInputStream;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured certificate alias as stored.
 *
 * @return Alias of SSL certificate for the connector
 */
public String getCertAlias() {
    return this._certAlias;
}
/* ------------------------------------------------------------ */
/**
 * Records which key store entry the connector should present.
 * <p>
 * The alias is stored without checking that it exists in the key store.
 * What happens for an unknown or null alias is decided where the field is
 * read, outside this method -- verify that a wrong alias fails closed rather
 * than silently selecting another entry.
 *
 * @param certAlias
 *            Alias of SSL certificate for the connector
 */
public void setCertAlias(String certAlias) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._certAlias = certAlias;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured trust store location string as stored.
 *
 * @return The file name or URL of the trust store location
 */
public String getTrustStore() {
    return this._trustStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Records where the trust store is located.
 * <p>
 * The trust store holds the trust anchors used to accept peer certificates,
 * so this location is security-sensitive configuration: it should come from
 * trusted configuration only. When a URL is given, the anchors are only as
 * trustworthy as the host and channel they are fetched from; how the
 * location is opened is outside this method.
 *
 * @param trustStorePath
 *            The file name or URL of the trust store location
 */
public void setTrustStore(String trustStorePath) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._trustStorePath = trustStorePath;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured trust store provider name as stored.
 *
 * @return The provider of the trust store
 */
public String getTrustStoreProvider() {
    return this._trustStoreProvider;
}
/* ------------------------------------------------------------ */
/**
 * Records the provider name to use for the trust store.
 * <p>
 * Only the name is stored; nothing here checks that such a provider is
 * installed. Where the name is resolved is outside this method.
 *
 * @param trustStoreProvider
 *            The provider of the trust store
 */
public void setTrustStoreProvider(String trustStoreProvider) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._trustStoreProvider = trustStoreProvider;
}
/* ------------------------------------------------------------ */
/**
 * Returns the configured trust store type string as stored.
 *
 * @return The type of the trust store (default "JKS")
 */
public String getTrustStoreType() {
    return this._trustStoreType;
}
/* ------------------------------------------------------------ */
/**
 * Records the trust store type.
 * <p>
 * The value is stored unvalidated, so an unsupported type can only surface
 * where the store is opened (outside this method). Set it explicitly when
 * the trust store file is not JKS.
 *
 * @param trustStoreType
 *            The type of the trust store (default "JKS")
 */
public void setTrustStoreType(String trustStoreType) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._trustStoreType = trustStoreType;
}
/* ------------------------------------------------------------ */
/**
 * Returns the stream configured as the trust store source.
 * <p>
 * The stored reference itself is returned, not a copy: a caller that reads
 * or closes it affects whatever later consumes the same stream.
 *
 * @return the _trustStoreInputStream
 *
 * @deprecated
 */
@Deprecated
public InputStream getTrustStoreInputStream() {
    // Same checkKeyStore() call as getKeyStoreInputStream(); whether that
    // helper also covers the trust store is not visible from here.
    checkKeyStore();
    return this._trustStoreInputStream;
}
/* ------------------------------------------------------------ */
/**
 * Records the stream to read the trust store from.
 * <p>
 * The stream is only stored here; it is neither read nor closed by this
 * method. Its content becomes the set of trust anchors, so it should come
 * from a trusted source.
 *
 * @param trustStoreInputStream the InputStream to the TrustStore
 *
 * @deprecated
 */
@Deprecated
public void setTrustStoreInputStream(InputStream trustStoreInputStream) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._trustStoreInputStream = trustStoreInputStream;
}
/* ------------------------------------------------------------ */
/**
 * Reports whether client certificate authentication is configured as
 * mandatory.
 *
 * @return True if SSL needs client authentication.
 * @see SSLEngine#getNeedClientAuth()
 */
public boolean getNeedClientAuth() {
    return this._needClientAuth;
}
/* ------------------------------------------------------------ */
/**
 * Records whether a client certificate is mandatory.
 * <p>
 * On an {@code SSLEngine}, "need" makes the handshake fail when the client
 * presents no acceptable certificate. This flag is stored independently of
 * the "want" flag; how the two are applied to the engine is outside this
 * method, so confirm there which one wins when both are set.
 *
 * @param needClientAuth
 *            True if SSL needs client authentication.
 * @see SSLEngine#getNeedClientAuth()
 */
public void setNeedClientAuth(boolean needClientAuth) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._needClientAuth = needClientAuth;
}
/* ------------------------------------------------------------ */
/**
 * Reports whether client certificate authentication is configured as
 * requested-but-optional.
 *
 * @return True if SSL wants client authentication.
 * @see SSLEngine#getWantClientAuth()
 */
public boolean getWantClientAuth() {
    return this._wantClientAuth;
}
/* ------------------------------------------------------------ */
/**
 * Records whether a client certificate should be requested.
 * <p>
 * On an {@code SSLEngine}, "want" only asks for a certificate: the handshake
 * still completes when the client sends none. Code that relies on this
 * setting must therefore check that a peer certificate is actually present
 * (for example via {@code SSLSession#getPeerCertificates()}) before treating
 * the client as authenticated. Use the "need" setting when a certificate is
 * required.
 *
 * @param wantClientAuth
 *            True if SSL wants client authentication.
 * @see SSLEngine#getWantClientAuth()
 */
public void setWantClientAuth(boolean wantClientAuth) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._wantClientAuth = wantClientAuth;
}
/* ------------------------------------------------------------ */
/**
 * Reports the certificate validation flag; returns the same field as
 * {@link #isValidateCerts()}.
 *
 * @return true if SSL certificate has to be validated
 * @deprecated use {@link #isValidateCerts()}, which reads the same field
 */
@Deprecated
public boolean getValidateCerts() {
    return this._validateCerts;
}
/* ------------------------------------------------------------ */
/**
 * Reports the certificate validation flag.
 * <p>
 * This only returns the stored setting; which certificates are validated
 * and which checks are run is decided where the flag is consumed, outside
 * this method.
 *
 * @return true if SSL certificate has to be validated
 */
public boolean isValidateCerts() {
    return this._validateCerts;
}
/* ------------------------------------------------------------ */
/**
 * Records whether SSL certificates have to be validated.
 * <p>
 * This flag is separate from the peer-certificate flag set by
 * {@link #setValidatePeerCerts(boolean)}. Which certificates it covers and
 * which checks it enables are not visible in this method; review the code
 * that reads the flag before relying on it as a trust decision, and before
 * leaving it disabled.
 *
 * @param validateCerts
 *            true if SSL certificates have to be validated
 */
public void setValidateCerts(boolean validateCerts) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._validateCerts = validateCerts;
}
/* ------------------------------------------------------------ */
/**
 * Reports the peer-certificate validation flag as stored.
 *
 * @return true if SSL certificates of the peer have to be validated
 */
public boolean isValidatePeerCerts() {
    return this._validatePeerCerts;
}
/* ------------------------------------------------------------ */
/**
 * Records whether certificates presented by the peer have to be validated.
 * <p>
 * Only the flag is stored here. Which checks it switches on or off (chain
 * building, expiry, revocation) is decided where the flag is read, outside
 * this method -- confirm there what a {@code false} value leaves unchecked
 * before disabling it outside a test environment.
 *
 * @param validatePeerCerts
 *            true if SSL certificates of the peer have to be validated
 */
public void setValidatePeerCerts(boolean validatePeerCerts) {
    // checkNotStarted() is defined elsewhere in this class; presumably it
    // refuses configuration changes once the factory is running.
    checkNotStarted();
    this._validatePeerCerts = validatePeerCerts;
}
/* ------------------------------------------------------------ */
/**
 * Reports whether SSL re-negotiation is permitted.
 * <p>
 * See {@link #setAllowRenegotiate(boolean)} for why this matters on JVMs
 * without the CVE-2009-3555 fix.
 *
 * @return True if SSL re-negotiation is allowed (default false)
 */
public boolean isAllowRenegotiate() {
    return this._allowRenegotiate;
}
751 /* ------------------------------------------------------------ */
/**
 * Sets whether SSL re-negotiation is allowed.
 * <p>
 * CVE-2009-3555 is a vulnerability in SSL/TLS re-negotiation. On a JVM that
 * does not have CVE-2009-3555 fixed, re-negotiation should not be allowed.
 * It was fixed in Sun Java 1.6: u19 banned renegotiation and u22 added
 * RFC 5746.
 * <p>
 * Calls {@code checkNotStarted()} before storing the value.
 *
 * @param allowRenegotiate
 *            true if re-negotiation is allowed (default false)
 */
public void setAllowRenegotiate(boolean allowRenegotiate)
{
    checkNotStarted();
    this._allowRenegotiate = allowRenegotiate;
}
769 /* ------------------------------------------------------------ */
/**
 * Sets the password for the key store.
 * <p>
 * The stored value is the result of
 * {@code Password.getPassword(PASSWORD_PROPERTY, password, null)}, which is
 * not necessarily the argument itself. Calls {@code checkNotStarted()} first.
 *
 * @param password
 *            The password for the key store
 */
public void setKeyStorePassword(String password)
{
    checkNotStarted();
    // NOTE(review): Password.getPassword is defined outside this view; presumably a
    // value found under PASSWORD_PROPERTY can take precedence over the argument - confirm.
    // The secret arrives as an immutable String, so it cannot be cleared after use.
    this._keyStorePassword = Password.getPassword(PASSWORD_PROPERTY, password, null);
}
781 /* ------------------------------------------------------------ */
/**
 * Sets the password for the specific key within the key store.
 * <p>
 * The stored value is the result of
 * {@code Password.getPassword(KEYPASSWORD_PROPERTY, password, null)}.
 * Calls {@code checkNotStarted()} first.
 *
 * @param password
 *            The password (if any) for the specific key within the key store
 */
public void setKeyManagerPassword(String password)
{
    checkNotStarted();
    // NOTE(review): presumably a value found under KEYPASSWORD_PROPERTY can take
    // precedence over the argument - confirm against Password.getPassword.
    this._keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY, password, null);
}
793 /* ------------------------------------------------------------ */
/**
 * Sets the password for the trust store.
 * <p>
 * The stored value is the result of
 * {@code Password.getPassword(PASSWORD_PROPERTY, password, null)}.
 * Calls {@code checkNotStarted()} first.
 *
 * @param password
 *            The password for the trust store
 */
public void setTrustStorePassword(String password)
{
    checkNotStarted();
    // NOTE(review): this passes PASSWORD_PROPERTY, the same key setKeyStorePassword uses
    // (setKeyManagerPassword uses KEYPASSWORD_PROPERTY). If that key names an override
    // source, key store and trust store passwords would resolve from the same place -
    // confirm this is intended.
    this._trustStorePassword = Password.getPassword(PASSWORD_PROPERTY, password, null);
}
805 /* ------------------------------------------------------------ */
/**
 * Returns the configured SSL provider name.
 *
 * @return The SSL provider name, which if set is passed to
 *         {@link SSLContext#getInstance(String, String)}
 */
public String getProvider()
{
    return this._sslProvider;
}
815 /* ------------------------------------------------------------ */
/**
 * Sets the SSL provider name. The string is stored as given; nothing is
 * looked up or validated here. Calls {@code checkNotStarted()} first.
 *
 * @param provider
 *            The SSL provider name, which if set is passed to
 *            {@link SSLContext#getInstance(String, String)}
 */
public void setProvider(String provider)
{
    checkNotStarted();
    this._sslProvider = provider;
}
828 /* ------------------------------------------------------------ */
/**
 * Returns the configured SSL protocol name.
 *
 * @return The SSL protocol (default "TLS") passed to
 *         {@link SSLContext#getInstance(String, String)}
 */
public String getProtocol()
{
    return this._sslProtocol;
}
838 /* ------------------------------------------------------------ */
/**
 * Sets the SSL protocol name. The string is stored as given; this setter
 * does not check it against any list of accepted protocol names. Calls
 * {@code checkNotStarted()} first.
 *
 * @param protocol
 *            The SSL protocol (default "TLS") passed to
 *            {@link SSLContext#getInstance(String, String)}
 */
public void setProtocol(String protocol)
{
    checkNotStarted();
    this._sslProtocol = protocol;
}
851 /* ------------------------------------------------------------ */
/**
 * Returns the configured secure-random algorithm name.
 *
 * @return The algorithm name, which if set is passed to
 *         {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
 *         {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
 */
public String getSecureRandomAlgorithm()
{
    return this._secureRandomAlgorithm;
}
862 /* ------------------------------------------------------------ */
/**
 * Sets the secure-random algorithm name. The string is stored as given.
 * Calls {@code checkNotStarted()} first.
 *
 * @param algorithm
 *            The algorithm name, which if set is passed to
 *            {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
 *            {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
 */
public void setSecureRandomAlgorithm(String algorithm)
{
    checkNotStarted();
    this._secureRandomAlgorithm = algorithm;
}
876 /* ------------------------------------------------------------ */
/**
 * Returns the configured key manager factory algorithm name.
 *
 * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
 */
public String getSslKeyManagerFactoryAlgorithm()
{
    return this._keyManagerFactoryAlgorithm;
}
885 /* ------------------------------------------------------------ */
/**
 * Sets the key manager factory algorithm name. The string is stored as
 * given. Calls {@code checkNotStarted()} first.
 *
 * @param algorithm
 *            The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
 */
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{
    checkNotStarted();
    this._keyManagerFactoryAlgorithm = algorithm;
}
897 /* ------------------------------------------------------------ */
/**
 * Returns the configured trust manager factory algorithm name.
 *
 * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
 */
public String getTrustManagerFactoryAlgorithm()
{
    return this._trustManagerFactoryAlgorithm;
}
906 /* ------------------------------------------------------------ */
/**
 * Reports the trust-all flag.
 *
 * @return True if all certificates should be trusted if there is no KeyStore or TrustStore
 */
public boolean isTrustAll()
{
    return this._trustAll;
}
915 /* ------------------------------------------------------------ */
/**
 * Sets the trust-all flag. With the flag on and no KeyStore or TrustStore
 * configured, peer certificates are trusted without being verified.
 *
 * @param trustAll True if all certificates should be trusted if there is no KeyStore or TrustStore
 */
public void setTrustAll(boolean trustAll)
{
    // NOTE(review): the other setters of this class visible here call checkNotStarted()
    // before writing their field; this one does not, so the flag can be changed at any
    // time. Whether a change after start has any effect is not visible from here -
    // confirm, and consider adding the same guard.
    this._trustAll = trustAll;
}
924 /* ------------------------------------------------------------ */
/**
 * Sets the trust manager factory algorithm name. The string is stored as
 * given. Calls {@code checkNotStarted()} first.
 *
 * @param algorithm
 *            The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
 *            Use the string "TrustAll" to install a trust manager that trusts all;
 *            with that value no peer certificate is rejected.
 */
public void setTrustManagerFactoryAlgorithm(String algorithm)
{
    checkNotStarted();
    this._trustManagerFactoryAlgorithm = algorithm;
}
937 /* ------------------------------------------------------------ */
/**
 * Returns the configured CRL file path.
 *
 * @return Path to file that contains Certificate Revocation List
 */
public String getCrlPath()
{
    return this._crlPath;
}
946 /* ------------------------------------------------------------ */
/**
 * Sets the CRL file path. The path is stored as given; the file is not
 * opened or checked by this setter. Calls {@code checkNotStarted()} first.
 *
 * @param crlPath
 *            Path to file that contains Certificate Revocation List
 */
public void setCrlPath(String crlPath)
{
    checkNotStarted();
    this._crlPath = crlPath;
}
958 /* ------------------------------------------------------------ */
/**
 * Returns the configured limit on the certification path length.
 *
 * @return Maximum number of intermediate certificates in
 *         the certification path (-1 for unlimited)
 */
public int getMaxCertPathLength()
{
    return this._maxCertPathLength;
}
968 /* ------------------------------------------------------------ */
/**
 * Sets the limit on the certification path length. The value is stored as
 * given; no range check is applied here. Calls {@code checkNotStarted()}
 * first.
 *
 * @param maxCertPathLength
 *            maximum number of intermediate certificates in
 *            the certification path (-1 for unlimited)
 */
public void setMaxCertPathLength(int maxCertPathLength)
{
    checkNotStarted();
    this._maxCertPathLength = maxCertPathLength;
}
981 /* ------------------------------------------------------------ */
/**
 * Returns the SSLContext held by this factory.
 *
 * @return The SSLContext
 * @throws IllegalStateException
 *             if {@code isStarted()} is false; the message is the value of {@code getState()}
 */
public SSLContext getSslContext()
{
    if (isStarted())
    {
        return _context;
    }
    throw new IllegalStateException(getState());
}
992 /* ------------------------------------------------------------ */
/**
 * Sets a preconfigured SSLContext. The reference is stored as given.
 * Calls {@code checkNotStarted()} first.
 *
 * @param sslContext
 *            Set a preconfigured SSLContext
 */
public void setSslContext(SSLContext sslContext)
{
    checkNotStarted();
    // NOTE(review): how far the trust and key settings of this factory still apply
    // once a context is supplied here depends on code outside this view - confirm.
    this._context = sslContext;
}
1004 /* ------------------------------------------------------------ */
/**
 * Override this method to provide alternate way to load a keystore.
 * <p>
 * This implementation returns {@code _keyStore} when it is already set.
 * Otherwise it delegates to {@code getKeyStore} with the configured input
 * stream, path, type and provider, plus the key store password converted
 * with {@code toString()} (or null when no password is set).
 *
 * @return the key store instance
 * @throws Exception if the keystore cannot be loaded
 */
protected KeyStore loadKeyStore() throws Exception
{
    if (_keyStore != null)
    {
        return _keyStore;
    }
    // The password object is flattened to a String only for this call.
    final String storePassword = (_keyStorePassword == null) ? null : _keyStorePassword.toString();
    return getKeyStore(_keyStoreInputStream, _keyStorePath, _keyStoreType, _keyStoreProvider, storePassword);
}
1018 /* ------------------------------------------------------------ */
/**
 * Supplies the truststore for this factory; override to load it some other way.
 *
 * <p>An already-assigned {@code _trustStore} is returned directly. Otherwise the configured
 * truststore stream, path, type, provider and password are handed to
 * {@code getKeyStore(...)}. After {@code checkKeyStore()} has applied its fallback, these
 * truststore fields can be copies of the keystore fields.
 *
 * @return the trust store instance (a {@link KeyStore})
 * @throws Exception if the truststore cannot be loaded
 */
protected KeyStore loadTrustStore() throws Exception
{
    if (_trustStore != null)
    {
        return _trustStore;
    }

    // Same String conversion as for the keystore password: the value cannot be
    // cleared from memory once it has been turned into a String.
    String password = null;
    if (_trustStorePassword != null)
    {
        password = _trustStorePassword.toString();
    }

    return getKeyStore(_trustStoreInputStream, _trustStorePath, _trustStoreType, _trustStoreProvider, password);
}
1032 /* ------------------------------------------------------------ */
/**
 * Obtains a keystore by passing all arguments, unchanged, to
 * {@code CertificateUtils.getKeyStore}.
 *
 * <p>Kept as an overridable hook so that integrations can substitute their own
 * keystore loading. Which of stream and path takes precedence is decided inside
 * {@code CertificateUtils}, not here.
 *
 * @param storeStream keystore input stream
 * @param storePath path of keystore file
 * @param storeType keystore type
 * @param storeProvider keystore provider
 * @param storePassword keystore password
 * @return created keystore
 * @throws Exception if the keystore cannot be obtained
 *
 * @deprecated marked deprecated in the source; no replacement is named here
 */
@Deprecated
protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
{
    final KeyStore loaded = CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
    return loaded;
}
1056 /* ------------------------------------------------------------ */
/**
 * Loads the certificate revocation lists (CRLs) stored at the given path by
 * delegating to {@code CertificateUtils.loadCRL}.
 *
 * <p>Kept as an overridable hook so that integrations can supply CRLs from another
 * source. An override decides which revocation data the factory sees, so it should
 * return only CRLs obtained from a source the deployment trusts.
 *
 * @param crlPath path of certificate revocation list file
 * @return collection of CRLs
 * @throws Exception if the certificate revocation list cannot be loaded
 */
protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
{
    final Collection<? extends CRL> revocationLists = CertificateUtils.loadCRL(crlPath);
    return revocationLists;
}
1072 /* ------------------------------------------------------------ */
/**
 * Builds the key managers for the given keystore.
 *
 * <p>The factory is created with {@code _keyManagerFactoryAlgorithm} and initialised with
 * {@code _keyManagerPassword} when that is set, otherwise with {@code _keyStorePassword},
 * otherwise with {@code null}. When {@code _certAlias} is set, every
 * {@link X509KeyManager} in the result is replaced by an
 * {@code AliasedX509ExtendedKeyManager} wrapping it with that alias.
 *
 * @param keyStore keystore holding the key material, may be {@code null}
 * @return the key managers, or {@code null} when {@code keyStore} is {@code null}
 * @throws Exception if the factory cannot be created or initialised
 */
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
{
    if (keyStore == null)
    {
        return null;
    }

    KeyManagerFactory factory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);

    // The key password wins over the store password; with neither set the factory gets null.
    // NOTE(review): the char[] is derived from a String and is not cleared after init(),
    // so the password value remains in memory beyond this call.
    char[] keyPassword = null;
    if (_keyManagerPassword != null)
    {
        keyPassword = _keyManagerPassword.toString().toCharArray();
    }
    else if (_keyStorePassword != null)
    {
        keyPassword = _keyStorePassword.toString().toCharArray();
    }
    factory.init(keyStore, keyPassword);

    KeyManager[] keyManagers = factory.getKeyManagers();
    if (_certAlias == null)
    {
        return keyManagers;
    }

    // Pin the configured alias on every X509 key manager; other manager types are left alone.
    for (int i = 0; i < keyManagers.length; i++)
    {
        KeyManager candidate = keyManagers[i];
        if (candidate instanceof X509KeyManager)
        {
            keyManagers[i] = new AliasedX509ExtendedKeyManager(_certAlias, (X509KeyManager)candidate);
        }
    }
    return keyManagers;
}
1098 /* ------------------------------------------------------------ */
/**
 * Builds the trust managers for the given truststore.
 *
 * <p>When {@code _validatePeerCerts} is set and the trust algorithm is {@code PKIX}
 * (compared case-insensitively), the managers are initialised from
 * {@link PKIXBuilderParameters} with revocation checking enabled, the configured
 * maximum certification path length, and the supplied CRLs if there are any. In every
 * other case the factory is initialised from the truststore alone and this method
 * sets up no revocation checking.
 *
 * <p>The CRLDP and OCSP switches are written through {@code System.setProperty} and
 * {@code Security.setProperty}, so they are process-wide settings rather than
 * settings scoped to this factory.
 *
 * @param trustStore truststore holding the trusted certificates, may be {@code null}
 * @param crls revocation lists to consult, may be {@code null} or empty
 * @return the trust managers, or {@code null} when {@code trustStore} is {@code null}
 * @throws Exception if the parameters or the factory cannot be created or initialised
 */
protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
{
    if (trustStore == null)
    {
        // NOTE(review): what the SSLContext does with a null trust manager array is
        // decided by the caller, outside this method - confirm the resulting trust policy.
        return null;
    }

    // Revocation checking is only supported for PKIX algorithm
    boolean pkixValidation = _validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX");
    if (!pkixValidation)
    {
        // Plain initialisation: path building only, no CRL / CRLDP / OCSP configured here.
        TrustManagerFactory plainFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
        plainFactory.init(trustStore);
        return plainFactory.getTrustManagers();
    }

    PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, new X509CertSelector());

    // Set maximum certification path length
    pkixParams.setMaxPathLength(_maxCertPathLength);

    // Make sure revocation checking is enabled
    pkixParams.setRevocationEnabled(true);

    boolean haveCrls = crls != null && !crls.isEmpty();
    if (haveCrls)
    {
        pkixParams.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));
    }

    if (_enableCRLDP)
    {
        // Enable Certificate Revocation List Distribution Points (CRLDP) support.
        // This is a JVM system property: it is never reset here and applies process-wide.
        System.setProperty("com.sun.security.enableCRLDP", "true");
    }

    if (_enableOCSP)
    {
        // Enable On-Line Certificate Status Protocol (OCSP) support.
        // Security properties are global to the JVM as well.
        Security.setProperty("ocsp.enable", "true");

        if (_ocspResponderURL != null)
        {
            // Override location of OCSP Responder
            Security.setProperty("ocsp.responderURL", _ocspResponderURL);
        }
    }

    TrustManagerFactory pkixFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
    pkixFactory.init(new CertPathTrustManagerParameters(pkixParams));
    return pkixFactory.getTrustManagers();
}
1155 /* ------------------------------------------------------------ */
/**
 * Checks the keystore configuration and fills in truststore defaults.
 *
 * <p>Nothing is checked when a preconfigured context is present. Otherwise a keystore
 * object, stream or path must be configured. When no truststore object, stream or path
 * is configured, all truststore settings are copied from the keystore settings, and the
 * trust manager algorithm is replaced by the key manager algorithm. Because
 * {@code getTrustManagers} enables revocation checking only for the {@code PKIX}
 * algorithm, this fallback also determines whether peer certificate revocation
 * checking can take effect.
 *
 * <p>When keystore and truststore share one input stream, the stream is read fully into
 * memory and closed, and each side receives its own in-memory stream over the bytes.
 *
 * @throws IllegalStateException if SslContextFactory configuration can't be used.
 */
public void checkKeyStore()
{
    if (_context != null)
    {
        return; // nothing to check if using preconfigured context
    }

    boolean keyStoreConfigured = _keyStore != null || _keyStoreInputStream != null || _keyStorePath != null;
    if (!keyStoreConfigured)
    {
        throw new IllegalStateException("SSL doesn't have a valid keystore");
    }

    // if the keystore has been configured but there is no
    // truststore configured, use the keystore as the truststore
    boolean trustStoreConfigured = _trustStore != null || _trustStoreInputStream != null || _trustStorePath != null;
    if (!trustStoreConfigured)
    {
        _trustStore = _keyStore;
        _trustStorePath = _keyStorePath;
        _trustStoreInputStream = _keyStoreInputStream;
        _trustStoreType = _keyStoreType;
        _trustStoreProvider = _keyStoreProvider;
        _trustStorePassword = _keyStorePassword;
        // The trust algorithm now follows the key manager algorithm.
        _trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
    }

    // It's the same stream we cannot read it twice, so read it once in memory
    boolean sharedStream = _keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream;
    if (!sharedStream)
    {
        return;
    }

    try
    {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        IO.copy(_keyStoreInputStream, buffer);
        // NOTE(review): close() is skipped when the copy throws; the original stream
        // then stays open until the caller disposes of it.
        _keyStoreInputStream.close();

        _keyStoreInputStream = new ByteArrayInputStream(buffer.toByteArray());
        _trustStoreInputStream = new ByteArrayInputStream(buffer.toByteArray());
    }
    catch (Exception e)
    {
        throw new IllegalStateException(e);
    }
}
1203 /* ------------------------------------------------------------ */
/**
 * Selects the protocols to be used by the connector.
 *
 * <p>With an inclusion list configured, the starting set is every included protocol
 * that also appears in {@code supportedProtocols}; {@code enabledProtocols} is not
 * consulted in that case. Without an inclusion list the starting set is
 * {@code enabledProtocols}. The exclusion list is applied last, so an excluded
 * protocol is removed even when it is also included. The result keeps insertion
 * order and can be empty.
 *
 * @param enabledProtocols Array of enabled protocols
 * @param supportedProtocols Array of supported protocols
 * @return Array of protocols to enable
 */
public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
{
    Set<String> chosen = new LinkedHashSet<String>();

    // Set the starting protocols - either from the included or enabled list
    if (_includeProtocols == null)
    {
        chosen.addAll(Arrays.asList(enabledProtocols));
    }
    else
    {
        // Use only the supported included protocols
        for (String candidate : _includeProtocols)
        {
            if (Arrays.asList(supportedProtocols).contains(candidate))
            {
                chosen.add(candidate);
            }
        }
    }

    // Remove any excluded protocols
    if (_excludeProtocols != null)
    {
        chosen.removeAll(_excludeProtocols);
    }

    return chosen.toArray(new String[chosen.size()]);
}
1235 /* ------------------------------------------------------------ */
1236 /**
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1237 * Select cipher suites to be used by the connector
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1238 * based on configured inclusion and exclusion lists
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1239 * as well as enabled and supported cipher suite lists.
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1240 * @param enabledCipherSuites Array of enabled cipher suites
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1241 * @param supportedCipherSuites Array of supported cipher suites
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1242 * @return Array of cipher suites to enable
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1243 */
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1244 public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1245 {
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1246 Set<String> selected_ciphers = new LinkedHashSet<String>();
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
1247
1002
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1248 // Set the starting ciphers - either from the included or enabled list
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1249 if (_includeCipherSuites!=null)
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1250 {
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1251 // Use only the supported included ciphers
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1252 for (String cipherSuite : _includeCipherSuites)
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1253 if(Arrays.asList(supportedCipherSuites).contains(cipherSuite))
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1254 selected_ciphers.add(cipherSuite);
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1255 }
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1256 else
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1257 selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
802
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
1258
3428c60d7cfc replace jetty jars with source
Franklin Schmidt <fschmidt@gmail.com>
parents:
diff changeset
1259
1002
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1260 // Remove any excluded ciphers
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1261 if (_excludeCipherSuites != null)
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1262 selected_ciphers.removeAll(_excludeCipherSuites);
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1263 return selected_ciphers.toArray(new String[selected_ciphers.size()]);
35d04ac3fd0b simplify ssl
Franklin Schmidt <fschmidt@gmail.com>
parents: 820
diff changeset
1264 }
/* ------------------------------------------------------------ */
/**
 * Guard used by configuration setters: rejects a change once the lifecycle
 * has been started.
 *
 * @throws IllegalStateException if {@code isStarted()} returns true; the
 *         message includes the value of {@code getState()}
 */
protected void checkNotStarted()
{
    if (!isStarted())
    {
        return;
    }
    throw new IllegalStateException("Cannot modify configuration when "+getState());
}
/* ------------------------------------------------------------ */
/**
 * Report the CRL Distribution Points flag.
 *
 * @return true if CRL Distribution Points support is enabled
 */
public boolean isEnableCRLDP()
{
    return this._enableCRLDP;
}
/* ------------------------------------------------------------ */
/**
 * Enables or disables CRL Distribution Points support.
 * <p>
 * This method only records the flag; where it is applied to certificate
 * validation is not visible in this part of the file.
 *
 * @param enableCRLDP true - turn on, false - turns off
 * @throws IllegalStateException if the factory has already been started
 */
public void setEnableCRLDP(boolean enableCRLDP)
{
    // Revocation settings may only change before start.
    checkNotStarted();

    this._enableCRLDP = enableCRLDP;
}
/* ------------------------------------------------------------ */
/**
 * Report the On-Line Certificate Status Protocol flag.
 *
 * @return true if On-Line Certificate Status Protocol support is enabled
 */
public boolean isEnableOCSP()
{
    return this._enableOCSP;
}
/* ------------------------------------------------------------ */
/**
 * Enables or disables On-Line Certificate Status Protocol support.
 * <p>
 * This method only records the flag; where it is applied to certificate
 * validation is not visible in this part of the file.
 *
 * @param enableOCSP true - turn on, false - turn off
 * @throws IllegalStateException if the factory has already been started
 */
public void setEnableOCSP(boolean enableOCSP)
{
    // Revocation settings may only change before start.
    checkNotStarted();

    this._enableOCSP = enableOCSP;
}
/* ------------------------------------------------------------ */
/**
 * Get the configured OCSP responder location.
 *
 * @return Location of the OCSP Responder, exactly as it was set
 */
public String getOcspResponderURL()
{
    return this._ocspResponderURL;
}
/* ------------------------------------------------------------ */
/**
 * Set the location of the OCSP Responder.
 * <p>
 * The string is stored as given; this method performs no syntax or scheme
 * validation.
 * NOTE(review): presumably revocation checks later contact this location, so
 * it should come from trusted configuration - confirm where the field is read.
 *
 * @param ocspResponderURL location of the OCSP Responder
 * @throws IllegalStateException if the factory has already been started
 */
public void setOcspResponderURL(String ocspResponderURL)
{
    checkNotStarted();

    this._ocspResponderURL = ocspResponderURL;
}
/* ------------------------------------------------------------ */
/**
 * Set the key store.
 * <p>
 * The caller's object is stored by reference; no copy is made here.
 *
 * @param keyStore the key store to set
 * @throws IllegalStateException if the factory has already been started
 */
public void setKeyStore(KeyStore keyStore)
{
    checkNotStarted();

    this._keyStore = keyStore;
}
/* ------------------------------------------------------------ */
/**
 * Set the trust store.
 * <p>
 * The caller's object is stored by reference; no copy is made here.
 *
 * @param trustStore the trust store to set
 * @throws IllegalStateException if the factory has already been started
 */
public void setTrustStore(KeyStore trustStore)
{
    checkNotStarted();

    this._trustStore = trustStore;
}
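/* ------------------------------------------------------------ */
/**
 * Set the key store resource.
 * <p>
 * The resource is opened immediately and the resulting stream is kept in
 * {@code _keyStoreInputStream}; this method does not close it.
 * NOTE(review): a stream already held in that field is replaced without
 * being closed here.
 *
 * @param resource the key store resource to set
 * @throws IllegalStateException if the factory has already been started
 * @throws InvalidParameterException if the resource's input stream cannot be
 *         opened; the underlying {@link IOException} is attached as the cause
 */
public void setKeyStoreResource(Resource resource)
{
    checkNotStarted();

    try
    {
        _keyStoreInputStream = resource.getInputStream();
    }
    catch (IOException e)
    {
        // InvalidParameterException has no (String, Throwable) constructor, so
        // the I/O failure is attached with initCause() instead of being dropped.
        InvalidParameterException failure = new InvalidParameterException("Unable to get resource "+
                "input stream for resource "+resource.toString());
        failure.initCause(e);
        throw failure;
    }
}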
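/* ------------------------------------------------------------ */
/**
 * Set the trust store resource.
 * <p>
 * The resource is opened immediately and the resulting stream is kept in
 * {@code _trustStoreInputStream}; this method does not close it.
 * NOTE(review): a stream already held in that field is replaced without
 * being closed here.
 *
 * @param resource the trust store resource to set
 * @throws IllegalStateException if the factory has already been started
 * @throws InvalidParameterException if the resource's input stream cannot be
 *         opened; the underlying {@link IOException} is attached as the cause
 */
public void setTrustStoreResource(Resource resource)
{
    checkNotStarted();

    try
    {
        _trustStoreInputStream = resource.getInputStream();
    }
    catch (IOException e)
    {
        // InvalidParameterException has no (String, Throwable) constructor, so
        // the I/O failure is attached with initCause() instead of being dropped.
        InvalidParameterException failure = new InvalidParameterException("Unable to get resource "+
                "input stream for resource "+resource.toString());
        failure.initCause(e);
        throw failure;
    }
}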
/* ------------------------------------------------------------ */
/**
 * Report the SSL session caching flag.
 *
 * @return true if SSL Session caching is enabled
 */
public boolean isSessionCachingEnabled()
{
    return this._sessionCachingEnabled;
}
/* ------------------------------------------------------------ */
/**
 * Set the flag to enable SSL Session caching.
 * <p>
 * NOTE(review): unlike the key store, trust store and revocation setters,
 * this setter does not call {@code checkNotStarted()}, so it accepts a
 * change after start - confirm that is intended.
 *
 * @param enableSessionCaching the value of the flag
 */
public void setSessionCachingEnabled(boolean enableSessionCaching)
{
    this._sessionCachingEnabled = enableSessionCaching;
}
/* ------------------------------------------------------------ */
/**
 * Get SSL session cache size.
 *
 * @return SSL session cache size, as last set
 */
public int getSslSessionCacheSize()
{
    return this._sslSessionCacheSize;
}
/* ------------------------------------------------------------ */
/**
 * Set SSL session cache size.
 * <p>
 * The value is stored without range checking.
 * NOTE(review): unlike the key store, trust store and revocation setters,
 * this setter does not call {@code checkNotStarted()} - confirm that is
 * intended.
 *
 * @param sslSessionCacheSize SSL session cache size to set
 */
public void setSslSessionCacheSize(int sslSessionCacheSize)
{
    this._sslSessionCacheSize = sslSessionCacheSize;
}
/* ------------------------------------------------------------ */
/**
 * Get SSL session timeout.
 *
 * @return SSL session timeout, as last set
 */
public int getSslSessionTimeout()
{
    return this._sslSessionTimeout;
}
/* ------------------------------------------------------------ */
/**
 * Set SSL session timeout.
 * <p>
 * The value is stored without range checking; the unit is not stated in this
 * part of the file.
 * NOTE(review): unlike the key store, trust store and revocation setters,
 * this setter does not call {@code checkNotStarted()} - confirm that is
 * intended.
 *
 * @param sslSessionTimeout SSL session timeout to set
 */
public void setSslSessionTimeout(int sslSessionTimeout)
{
    this._sslSessionTimeout = sslSessionTimeout;
}
/* ------------------------------------------------------------ */
/**
 * Create a server socket from the SSL context and apply this factory's
 * client-authentication, cipher suite and protocol settings to it.
 *
 * @param host address to bind to; when null the factory's two-argument
 *        {@code createServerSocket(port, backlog)} is used, i.e. no bind
 *        address is given
 * @param port port passed to the server socket factory
 * @param backlog backlog passed to the server socket factory
 * @return the configured server socket
 * @throws IOException if the socket cannot be created or {@code host}
 *         cannot be resolved
 */
public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
{
    SSLServerSocketFactory serverFactory = _context.getServerSocketFactory();

    SSLServerSocket socket;
    if (host == null)
    {
        socket = (SSLServerSocket)serverFactory.createServerSocket(port,backlog);
    }
    else
    {
        socket = (SSLServerSocket)serverFactory.createServerSocket(port,backlog,InetAddress.getByName(host));
    }

    // "Need" is applied after "want"; on a JSSE socket the later call replaces
    // the earlier mode, so mandatory client auth wins when both are configured.
    if (getWantClientAuth())
    {
        socket.setWantClientAuth(getWantClientAuth());
    }
    if (getNeedClientAuth())
    {
        socket.setNeedClientAuth(getNeedClientAuth());
    }

    // Narrow the provider defaults to the configured cipher suites and protocols.
    String[] enabledSuites = socket.getEnabledCipherSuites();
    String[] supportedSuites = socket.getSupportedCipherSuites();
    socket.setEnabledCipherSuites(selectCipherSuites(enabledSuites,supportedSuites));

    String[] enabledProtocols = socket.getEnabledProtocols();
    String[] supportedProtocols = socket.getSupportedProtocols();
    socket.setEnabledProtocols(selectProtocols(enabledProtocols,supportedProtocols));

    return socket;
}
/* ------------------------------------------------------------ */
/**
 * Create an unconnected socket from the SSL context and apply this factory's
 * client-authentication, cipher suite and protocol settings to it.
 * <p>
 * This method does not configure endpoint identification (hostname
 * verification); a caller that uses the socket as a client has to arrange
 * that itself.
 *
 * @return the configured socket
 * @throws IOException if the socket cannot be created
 */
public SSLSocket newSslSocket() throws IOException
{
    SSLSocketFactory socketFactory = _context.getSocketFactory();

    SSLSocket socket = (SSLSocket)socketFactory.createSocket();

    // "Need" is applied after "want"; on a JSSE socket the later call replaces
    // the earlier mode, so mandatory client auth wins when both are configured.
    if (getWantClientAuth())
    {
        socket.setWantClientAuth(getWantClientAuth());
    }
    if (getNeedClientAuth())
    {
        socket.setNeedClientAuth(getNeedClientAuth());
    }

    // Narrow the provider defaults to the configured cipher suites and protocols.
    String[] enabledSuites = socket.getEnabledCipherSuites();
    String[] supportedSuites = socket.getSupportedCipherSuites();
    socket.setEnabledCipherSuites(selectCipherSuites(enabledSuites,supportedSuites));

    String[] enabledProtocols = socket.getEnabledProtocols();
    String[] supportedProtocols = socket.getSupportedProtocols();
    socket.setEnabledProtocols(selectProtocols(enabledProtocols,supportedProtocols));

    return socket;
}
/* ------------------------------------------------------------ */
/**
 * Create an SSL engine and pass it through {@code customize(SSLEngine)}.
 * <p>
 * {@code host} and {@code port} are handed to the SSL context only when
 * session caching is enabled; JSSE treats them as advisory peer information.
 * Nothing in this method sets an endpoint identification algorithm, so
 * passing a host here is not hostname verification.
 *
 * @param host peer host hint, used only when session caching is enabled
 * @param port peer port hint, used only when session caching is enabled
 * @return the customized engine
 */
public SSLEngine newSslEngine(String host,int port)
{
    SSLEngine sslEngine;
    if (isSessionCachingEnabled())
    {
        sslEngine = _context.createSSLEngine(host, port);
    }
    else
    {
        sslEngine = _context.createSSLEngine();
    }

    customize(sslEngine);
    return sslEngine;
}
1505 /* ------------------------------------------------------------ */
/**
 * Creates an {@link SSLEngine} without any peer host or port and applies this
 * factory's settings to it through {@link #customize(SSLEngine)}.
 *
 * <p>Security note: the engine is returned without a client/server mode selected and
 * without peer information, so a client-mode caller must set the mode and verify the
 * peer's host name on its own.
 *
 * @return the newly created and customized engine
 */
public SSLEngine newSslEngine()
{
    final SSLEngine engine = _context.createSSLEngine();
    customize(engine);
    return engine;
}
1513 /* ------------------------------------------------------------ */
/**
 * Applies this factory's client-authentication, cipher-suite and protocol settings to
 * the given engine, modifying it in place.
 *
 * <p>The enabled cipher suites and protocols are replaced by whatever
 * {@code selectCipherSuites} and {@code selectProtocols} return for the engine's
 * current enabled and supported lists.
 * NOTE(review): those helpers are defined elsewhere in the file; presumably they apply
 * the factory's include/exclude lists. Confirm that they exclude legacy protocols and
 * weak suites, since this method enables their result as is.
 *
 * @param sslEngine the engine to configure
 */
public void customize(SSLEngine sslEngine)
{
    // In JSSE each of setWantClientAuth/setNeedClientAuth overrides the other, so a
    // setter is called only for a flag that is on; "need" is applied last and
    // therefore takes precedence when both flags are set.
    if (getWantClientAuth())
    {
        sslEngine.setWantClientAuth(getWantClientAuth());
    }
    if (getNeedClientAuth())
    {
        sslEngine.setNeedClientAuth(getNeedClientAuth());
    }

    final String[] enabledSuites = sslEngine.getEnabledCipherSuites();
    final String[] supportedSuites = sslEngine.getSupportedCipherSuites();
    sslEngine.setEnabledCipherSuites(selectCipherSuites(enabledSuites, supportedSuites));

    final String[] enabledProtocols = sslEngine.getEnabledProtocols();
    final String[] supportedProtocols = sslEngine.getSupportedProtocols();
    sslEngine.setEnabledProtocols(selectProtocols(enabledProtocols, supportedProtocols));
}
1528 /* ------------------------------------------------------------ */
/**
 * Describes this factory as {@code SimpleName@hash(keyStorePath,trustStorePath)},
 * with the hash code printed in hexadecimal.
 *
 * <p>Only the two store locations are included; no other field of the factory is
 * formatted here, so the string can be logged without exposing more than those paths.
 *
 * @return the description string
 */
public String toString()
{
    final String simpleName = getClass().getSimpleName();
    final int identity = hashCode();
    return String.format("%s@%x(%s,%s)", simpleName, identity, _keyStorePath, _trustStorePath);
}
1537 }