diff src/org/eclipse/jetty/util/ssl/SslContextFactory.java @ 1002:35d04ac3fd0b

simplify ssl
author Franklin Schmidt <fschmidt@gmail.com>
date Sat, 22 Oct 2016 21:56:44 -0600
parents 8e9db0bbf4f9
children
--- a/src/org/eclipse/jetty/util/ssl/SslContextFactory.java	Sat Oct 22 20:56:41 2016 -0600
+++ b/src/org/eclipse/jetty/util/ssl/SslContextFactory.java	Sat Oct 22 21:56:44 2016 -0600
@@ -73,1465 +73,1465 @@
  */
 public class SslContextFactory extends AbstractLifeCycle
 {
-    public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
-    {
-        public java.security.cert.X509Certificate[] getAcceptedIssuers()
-        {
-            return new java.security.cert.X509Certificate[]{};
-        }
+	public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
+	{
+		public java.security.cert.X509Certificate[] getAcceptedIssuers()
+		{
+			return new java.security.cert.X509Certificate[]{};
+		}
 
-        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
-        {
-        }
+		public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
+		{
+		}
 
-        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
-        {
-        }
-    }};
+		public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
+		{
+		}
+	}};
 
-    private static final Logger LOG = LoggerFactory.getLogger(SslContextFactory.class);
+	private static final Logger LOG = LoggerFactory.getLogger(SslContextFactory.class);
 
-    public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
-        (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
-                "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
-    public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM =
-        (Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ?
-                "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm"));
+	public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
+		(Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
+				"SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
+	public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM =
+		(Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ?
+				"SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm"));
 
-    /** Default value for the keystore location path. */
-    public static final String DEFAULT_KEYSTORE_PATH =
-        System.getProperty("user.home") + File.separator + ".keystore";
+	/** Default value for the keystore location path. */
+	public static final String DEFAULT_KEYSTORE_PATH =
+		System.getProperty("user.home") + File.separator + ".keystore";
 
-    /** String name of key password property. */
-    public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
+	/** String name of key password property. */
+	public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
 
-    /** String name of keystore password property. */
-    public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
+	/** String name of keystore password property. */
+	public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
 
-    /** Excluded protocols. */
-    private final Set<String> _excludeProtocols = new LinkedHashSet<String>();
-    /** Included protocols. */
-    private Set<String> _includeProtocols = null;
+	/** Excluded protocols. */
+	private final Set<String> _excludeProtocols = new LinkedHashSet<String>();
+	/** Included protocols. */
+	private Set<String> _includeProtocols = null;
 
-    /** Excluded cipher suites. */
-    private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>();
-    /** Included cipher suites. */
-    private Set<String> _includeCipherSuites = null;
+	/** Excluded cipher suites. */
+	private final Set<String> _excludeCipherSuites = new LinkedHashSet<String>();
+	/** Included cipher suites. */
+	private Set<String> _includeCipherSuites = null;
 
-    /** Keystore path. */
-    private String _keyStorePath;
-    /** Keystore provider name */
-    private String _keyStoreProvider;
-    /** Keystore type */
-    private String _keyStoreType = "JKS";
-    /** Keystore input stream */
-    private InputStream _keyStoreInputStream;
+	/** Keystore path. */
+	private String _keyStorePath;
+	/** Keystore provider name */
+	private String _keyStoreProvider;
+	/** Keystore type */
+	private String _keyStoreType = "JKS";
+	/** Keystore input stream */
+	private InputStream _keyStoreInputStream;
 
-    /** SSL certificate alias */
-    private String _certAlias;
+	/** SSL certificate alias */
+	private String _certAlias;
 
-    /** Truststore path */
-    private String _trustStorePath;
-    /** Truststore provider name */
-    private String _trustStoreProvider;
-    /** Truststore type */
-    private String _trustStoreType = "JKS";
-    /** Truststore input stream */
-    private InputStream _trustStoreInputStream;
+	/** Truststore path */
+	private String _trustStorePath;
+	/** Truststore provider name */
+	private String _trustStoreProvider;
+	/** Truststore type */
+	private String _trustStoreType = "JKS";
+	/** Truststore input stream */
+	private InputStream _trustStoreInputStream;
 
-    /** Set to true if client certificate authentication is required */
-    private boolean _needClientAuth = false;
-    /** Set to true if client certificate authentication is desired */
-    private boolean _wantClientAuth = false;
+	/** Set to true if client certificate authentication is required */
+	private boolean _needClientAuth = false;
+	/** Set to true if client certificate authentication is desired */
+	private boolean _wantClientAuth = false;
 
-    /** Set to true if renegotiation is allowed */
-    private boolean _allowRenegotiate = true;
+	/** Set to true if renegotiation is allowed */
+	private boolean _allowRenegotiate = true;
 
-    /** Keystore password */
-    private transient Password _keyStorePassword;
-    /** Key manager password */
-    private transient Password _keyManagerPassword;
-    /** Truststore password */
-    private transient Password _trustStorePassword;
+	/** Keystore password */
+	private transient Password _keyStorePassword;
+	/** Key manager password */
+	private transient Password _keyManagerPassword;
+	/** Truststore password */
+	private transient Password _trustStorePassword;
 
-    /** SSL provider name */
-    private String _sslProvider;
-    /** SSL protocol name */
-    private String _sslProtocol = "TLS";
+	/** SSL provider name */
+	private String _sslProvider;
+	/** SSL protocol name */
+	private String _sslProtocol = "TLS";
 
-    /** SecureRandom algorithm */
-    private String _secureRandomAlgorithm;
-    /** KeyManager factory algorithm */
-    private String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
-    /** TrustManager factory algorithm */
-    private String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
+	/** SecureRandom algorithm */
+	private String _secureRandomAlgorithm;
+	/** KeyManager factory algorithm */
+	private String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
+	/** TrustManager factory algorithm */
+	private String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
 
-    /** Set to true if SSL certificate validation is required */
-    private boolean _validateCerts;
-    /** Set to true if SSL certificate of the peer validation is required */
-    private boolean _validatePeerCerts;
-    /** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
-    private int _maxCertPathLength = -1;
-    /** Path to file that contains Certificate Revocation List */
-    private String _crlPath;
-    /** Set to true to enable CRL Distribution Points (CRLDP) support */
-    private boolean _enableCRLDP = false;
-    /** Set to true to enable On-Line Certificate Status Protocol (OCSP) support */
-    private boolean _enableOCSP = false;
-    /** Location of OCSP Responder */
-    private String _ocspResponderURL;
+	/** Set to true if SSL certificate validation is required */
+	private boolean _validateCerts;
+	/** Set to true if SSL certificate of the peer validation is required */
+	private boolean _validatePeerCerts;
+	/** Maximum certification path length (n - number of intermediate certs, -1 for unlimited) */
+	private int _maxCertPathLength = -1;
+	/** Path to file that contains Certificate Revocation List */
+	private String _crlPath;
+	/** Set to true to enable CRL Distribution Points (CRLDP) support */
+	private boolean _enableCRLDP = false;
+	/** Set to true to enable On-Line Certificate Status Protocol (OCSP) support */
+	private boolean _enableOCSP = false;
+	/** Location of OCSP Responder */
+	private String _ocspResponderURL;
 
-    /** SSL keystore */
-    private KeyStore _keyStore;
-    /** SSL truststore */
-    private KeyStore _trustStore;
-    /** Set to true to enable SSL Session caching */
-    private boolean _sessionCachingEnabled = true;
-    /** SSL session cache size */
-    private int _sslSessionCacheSize;
-    /** SSL session timeout */
-    private int _sslSessionTimeout;
+	/** SSL keystore */
+	private KeyStore _keyStore;
+	/** SSL truststore */
+	private KeyStore _trustStore;
+	/** Set to true to enable SSL Session caching */
+	private boolean _sessionCachingEnabled = true;
+	/** SSL session cache size */
+	private int _sslSessionCacheSize;
+	/** SSL session timeout */
+	private int _sslSessionTimeout;
 
-    /** SSL context */
-    private SSLContext _context;
+	/** SSL context */
+	private SSLContext _context;
 
-    private boolean _trustAll;
+	private boolean _trustAll;
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Construct an instance of SslContextFactory
-     * Default constructor for use in XmlConfiguration files
-     */
-    public SslContextFactory()
-    {
-        _trustAll=true;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Construct an instance of SslContextFactory
+	 * Default constructor for use in XmlConfiguration files
+	 */
+	public SslContextFactory()
+	{
+		_trustAll=true;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Construct an instance of SslContextFactory
-     * Default constructor for use in XmlConfiguration files
-     * @param trustAll whether to blindly trust all certificates
-     * @see #setTrustAll(boolean)
-     */
-    public SslContextFactory(boolean trustAll)
-    {
-        _trustAll=trustAll;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Construct an instance of SslContextFactory
+	 * Default constructor for use in XmlConfiguration files
+	 * @param trustAll whether to blindly trust all certificates
+	 * @see #setTrustAll(boolean)
+	 */
+	public SslContextFactory(boolean trustAll)
+	{
+		_trustAll=trustAll;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Construct an instance of SslContextFactory
-     * @param keyStorePath default keystore location
-     */
-    public SslContextFactory(String keyStorePath)
-    {
-        _keyStorePath = keyStorePath;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Construct an instance of SslContextFactory
+	 * @param keyStorePath default keystore location
+	 */
+	public SslContextFactory(String keyStorePath)
+	{
+		_keyStorePath = keyStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Create the SSLContext object and start the lifecycle
-     * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
-     */
-    @Override
-    protected void doStart() throws Exception
-    {
-        if (_context == null)
-        {
-            if (_keyStore==null && _keyStoreInputStream == null && _keyStorePath == null &&
-                _trustStore==null && _trustStoreInputStream == null && _trustStorePath == null )
-            {
-                TrustManager[] trust_managers=null;
+	/* ------------------------------------------------------------ */
+	/**
+	 * Create the SSLContext object and start the lifecycle
+	 * @see org.eclipse.jetty.util.component.AbstractLifeCycle#doStart()
+	 */
+	@Override
+	protected void doStart() throws Exception
+	{
+		if (_context == null)
+		{
+			if (_keyStore==null && _keyStoreInputStream == null && _keyStorePath == null &&
+				_trustStore==null && _trustStoreInputStream == null && _trustStorePath == null )
+			{
+				TrustManager[] trust_managers=null;
 
-                if (_trustAll)
-                {
-                    LOG.debug("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
-                    // Create a trust manager that does not validate certificate chains
-                    trust_managers = TRUST_ALL_CERTS;
-                }
+				if (_trustAll)
+				{
+					LOG.debug("No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!");
+					// Create a trust manager that does not validate certificate chains
+					trust_managers = TRUST_ALL_CERTS;
+				}
 
-                SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
-                _context = SSLContext.getInstance(_sslProtocol);
-                _context.init(null, trust_managers, secureRandom);
-            }
-            else
-            {
-                // verify that keystore and truststore
-                // parameters are set up correctly
-                checkKeyStore();
+				SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
+				_context = SSLContext.getInstance(_sslProtocol);
+				_context.init(null, trust_managers, secureRandom);
+			}
+			else
+			{
+				// verify that keystore and truststore
+				// parameters are set up correctly
+				checkKeyStore();
 
-                KeyStore keyStore = loadKeyStore();
-                KeyStore trustStore = loadTrustStore();
+				KeyStore keyStore = loadKeyStore();
+				KeyStore trustStore = loadTrustStore();
 
-                Collection<? extends CRL> crls = loadCRL(_crlPath);
+				Collection<? extends CRL> crls = loadCRL(_crlPath);
 
-                if (_validateCerts && keyStore != null)
-                {
-                    if (_certAlias == null)
-                    {
-                        List<String> aliases = Collections.list(keyStore.aliases());
-                        _certAlias = aliases.size() == 1 ? aliases.get(0) : null;
-                    }
+				if (_validateCerts && keyStore != null)
+				{
+					if (_certAlias == null)
+					{
+						List<String> aliases = Collections.list(keyStore.aliases());
+						_certAlias = aliases.size() == 1 ? aliases.get(0) : null;
+					}
 
-                    Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
-                    if (cert == null)
-                    {
-                        throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
-                    }
+					Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
+					if (cert == null)
+					{
+						throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
+					}
 
-                    CertificateValidator validator = new CertificateValidator(trustStore, crls);
-                    validator.setMaxCertPathLength(_maxCertPathLength);
-                    validator.setEnableCRLDP(_enableCRLDP);
-                    validator.setEnableOCSP(_enableOCSP);
-                    validator.setOcspResponderURL(_ocspResponderURL);
-                    validator.validate(keyStore, cert);
-                }
+					CertificateValidator validator = new CertificateValidator(trustStore, crls);
+					validator.setMaxCertPathLength(_maxCertPathLength);
+					validator.setEnableCRLDP(_enableCRLDP);
+					validator.setEnableOCSP(_enableOCSP);
+					validator.setOcspResponderURL(_ocspResponderURL);
+					validator.validate(keyStore, cert);
+				}
 
-                KeyManager[] keyManagers = getKeyManagers(keyStore);
-                TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
+				KeyManager[] keyManagers = getKeyManagers(keyStore);
+				TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
 
-                SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
-                _context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
-                _context.init(keyManagers,trustManagers,secureRandom);
+				SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
+				_context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
+				_context.init(keyManagers,trustManagers,secureRandom);
 
-                SSLEngine engine=newSslEngine();
+				SSLEngine engine=newSslEngine();
 
-                LOG.info("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols()));
-                if (LOG.isDebugEnabled())
-                    LOG.debug("Enabled Ciphers   {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites()));
-            }
-        }
-    }
+				LOG.info("Enabled Protocols {} of {}",Arrays.asList(engine.getEnabledProtocols()),Arrays.asList(engine.getSupportedProtocols()));
+				if (LOG.isDebugEnabled())
+					LOG.debug("Enabled Ciphers   {} of {}",Arrays.asList(engine.getEnabledCipherSuites()),Arrays.asList(engine.getSupportedCipherSuites()));
+			}
+		}
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The array of protocol names to exclude from
-     * {@link SSLEngine#setEnabledProtocols(String[])}
-     */
-    public String[] getExcludeProtocols()
-    {
-        return _excludeProtocols.toArray(new String[_excludeProtocols.size()]);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The array of protocol names to exclude from
+	 * {@link SSLEngine#setEnabledProtocols(String[])}
+	 */
+	public String[] getExcludeProtocols()
+	{
+		return _excludeProtocols.toArray(new String[_excludeProtocols.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param protocols
-     *            The array of protocol names to exclude from
-     *            {@link SSLEngine#setEnabledProtocols(String[])}
-     */
-    public void setExcludeProtocols(String... protocols)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param protocols
+	 *            The array of protocol names to exclude from
+	 *            {@link SSLEngine#setEnabledProtocols(String[])}
+	 */
+	public void setExcludeProtocols(String... protocols)
+	{
+		checkNotStarted();
 
-        _excludeProtocols.clear();
-        _excludeProtocols.addAll(Arrays.asList(protocols));
-    }
+		_excludeProtocols.clear();
+		_excludeProtocols.addAll(Arrays.asList(protocols));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param protocol Protocol names to add to {@link SSLEngine#setEnabledProtocols(String[])}
-     */
-    public void addExcludeProtocols(String... protocol)
-    {
-        checkNotStarted();
-        _excludeProtocols.addAll(Arrays.asList(protocol));
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param protocol Protocol names to add to {@link SSLEngine#setEnabledProtocols(String[])}
+	 */
+	public void addExcludeProtocols(String... protocol)
+	{
+		checkNotStarted();
+		_excludeProtocols.addAll(Arrays.asList(protocol));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The array of protocol names to include in
-     * {@link SSLEngine#setEnabledProtocols(String[])}
-     */
-    public String[] getIncludeProtocols()
-    {
-        return _includeProtocols.toArray(new String[_includeProtocols.size()]);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The array of protocol names to include in
+	 * {@link SSLEngine#setEnabledProtocols(String[])}
+	 */
+	public String[] getIncludeProtocols()
+	{
+		return _includeProtocols.toArray(new String[_includeProtocols.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param protocols
-     *            The array of protocol names to include in
-     *            {@link SSLEngine#setEnabledProtocols(String[])}
-     */
-    public void setIncludeProtocols(String... protocols)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param protocols
+	 *            The array of protocol names to include in
+	 *            {@link SSLEngine#setEnabledProtocols(String[])}
+	 */
+	public void setIncludeProtocols(String... protocols)
+	{
+		checkNotStarted();
 
-        _includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols));
-    }
+		_includeProtocols = new LinkedHashSet<String>(Arrays.asList(protocols));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The array of cipher suite names to exclude from
-     * {@link SSLEngine#setEnabledCipherSuites(String[])}
-     */
-    public String[] getExcludeCipherSuites()
-    {
-        return _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The array of cipher suite names to exclude from
+	 * {@link SSLEngine#setEnabledCipherSuites(String[])}
+	 */
+	public String[] getExcludeCipherSuites()
+	{
+		return _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param cipherSuites
-     *            The array of cipher suite names to exclude from
-     *            {@link SSLEngine#setEnabledCipherSuites(String[])}
-     */
-    public void setExcludeCipherSuites(String... cipherSuites)
-    {
-        checkNotStarted();
-        _excludeCipherSuites.clear();
-        _excludeCipherSuites.addAll(Arrays.asList(cipherSuites));
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param cipherSuites
+	 *            The array of cipher suite names to exclude from
+	 *            {@link SSLEngine#setEnabledCipherSuites(String[])}
+	 */
+	public void setExcludeCipherSuites(String... cipherSuites)
+	{
+		checkNotStarted();
+		_excludeCipherSuites.clear();
+		_excludeCipherSuites.addAll(Arrays.asList(cipherSuites));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param cipher Cipher names to add to {@link SSLEngine#setEnabledCipherSuites(String[])}
-     */
-    public void addExcludeCipherSuites(String... cipher)
-    {
-        checkNotStarted();
-        _excludeCipherSuites.addAll(Arrays.asList(cipher));
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param cipher Cipher names to add to {@link SSLEngine#setEnabledCipherSuites(String[])}
+	 */
+	public void addExcludeCipherSuites(String... cipher)
+	{
+		checkNotStarted();
+		_excludeCipherSuites.addAll(Arrays.asList(cipher));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The array of cipher suite names to include in
-     * {@link SSLEngine#setEnabledCipherSuites(String[])}
-     */
-    public String[] getIncludeCipherSuites()
-    {
-        return _includeCipherSuites.toArray(new String[_includeCipherSuites.size()]);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The array of cipher suite names to include in
+	 * {@link SSLEngine#setEnabledCipherSuites(String[])}
+	 */
+	public String[] getIncludeCipherSuites()
+	{
+		return _includeCipherSuites.toArray(new String[_includeCipherSuites.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param cipherSuites
-     *            The array of cipher suite names to include in
-     *            {@link SSLEngine#setEnabledCipherSuites(String[])}
-     */
-    public void setIncludeCipherSuites(String... cipherSuites)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param cipherSuites
+	 *            The array of cipher suite names to include in
+	 *            {@link SSLEngine#setEnabledCipherSuites(String[])}
+	 */
+	public void setIncludeCipherSuites(String... cipherSuites)
+	{
+		checkNotStarted();
 
-        _includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites));
-    }
+		_includeCipherSuites = new LinkedHashSet<String>(Arrays.asList(cipherSuites));
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The file or URL of the SSL Key store.
-     */
-    public String getKeyStorePath()
-    {
-        return _keyStorePath;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The file or URL of the SSL Key store.
+	 */
+	public String getKeyStorePath()
+	{
+		return _keyStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    @Deprecated
-    public String getKeyStore()
-    {
-        return _keyStorePath;
-    }
+	/* ------------------------------------------------------------ */
+	@Deprecated
+	public String getKeyStore()
+	{
+		return _keyStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param keyStorePath
-     *            The file or URL of the SSL Key store.
-     */
-    public void setKeyStorePath(String keyStorePath)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param keyStorePath
+	 *            The file or URL of the SSL Key store.
+	 */
+	public void setKeyStorePath(String keyStorePath)
+	{
+		checkNotStarted();
 
-        _keyStorePath = keyStorePath;
-    }
+		_keyStorePath = keyStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param keyStorePath the file system path or URL of the keystore
-     * @deprecated Use {@link #setKeyStorePath(String)}
-     */
-    @Deprecated
-    public void setKeyStore(String keyStorePath)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param keyStorePath the file system path or URL of the keystore
+	 * @deprecated Use {@link #setKeyStorePath(String)}
+	 */
+	@Deprecated
+	public void setKeyStore(String keyStorePath)
+	{
+		checkNotStarted();
 
-        _keyStorePath = keyStorePath;
-    }
+		_keyStorePath = keyStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The provider of the key store
-     */
-    public String getKeyStoreProvider()
-    {
-        return _keyStoreProvider;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The provider of the key store
+	 */
+	public String getKeyStoreProvider()
+	{
+		return _keyStoreProvider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param keyStoreProvider
-     *            The provider of the key store
-     */
-    public void setKeyStoreProvider(String keyStoreProvider)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param keyStoreProvider
+	 *            The provider of the key store
+	 */
+	public void setKeyStoreProvider(String keyStoreProvider)
+	{
+		checkNotStarted();
 
-        _keyStoreProvider = keyStoreProvider;
-    }
+		_keyStoreProvider = keyStoreProvider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The type of the key store (default "JKS")
-     */
-    public String getKeyStoreType()
-    {
-        return (_keyStoreType);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The type of the key store (default "JKS")
+	 */
+	public String getKeyStoreType()
+	{
+		return (_keyStoreType);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param keyStoreType
-     *            The type of the key store (default "JKS")
-     */
-    public void setKeyStoreType(String keyStoreType)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param keyStoreType
+	 *            The type of the key store (default "JKS")
+	 */
+	public void setKeyStoreType(String keyStoreType)
+	{
+		checkNotStarted();
 
-        _keyStoreType = keyStoreType;
-    }
+		_keyStoreType = keyStoreType;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Get the _keyStoreInputStream.
-     * @return the _keyStoreInputStream
-     *
-     * @deprecated
-     */
-    @Deprecated
-    public InputStream getKeyStoreInputStream()
-    {
-        checkKeyStore();
+	/* ------------------------------------------------------------ */
+	/** Get the _keyStoreInputStream.
+	 * @return the _keyStoreInputStream
+	 *
+	 * @deprecated
+	 */
+	@Deprecated
+	public InputStream getKeyStoreInputStream()
+	{
+		checkKeyStore();
 
-        return _keyStoreInputStream;
-    }
+		return _keyStoreInputStream;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the keyStoreInputStream.
-     * @param keyStoreInputStream the InputStream to the KeyStore
-     *
-     * @deprecated Use {@link #setKeyStore(KeyStore)}
-     */
-    @Deprecated
-    public void setKeyStoreInputStream(InputStream keyStoreInputStream)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the keyStoreInputStream.
+	 * @param keyStoreInputStream the InputStream to the KeyStore
+	 *
+	 * @deprecated Use {@link #setKeyStore(KeyStore)}
+	 */
+	@Deprecated
+	public void setKeyStoreInputStream(InputStream keyStoreInputStream)
+	{
+		checkNotStarted();
 
-        _keyStoreInputStream = keyStoreInputStream;
-    }
+		_keyStoreInputStream = keyStoreInputStream;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return Alias of SSL certificate for the connector
-     */
-    public String getCertAlias()
-    {
-        return _certAlias;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return Alias of SSL certificate for the connector
+	 */
+	public String getCertAlias()
+	{
+		return _certAlias;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param certAlias
-     *            Alias of SSL certificate for the connector
-     */
-    public void setCertAlias(String certAlias)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param certAlias
+	 *            Alias of SSL certificate for the connector
+	 */
+	public void setCertAlias(String certAlias)
+	{
+		checkNotStarted();
 
-        _certAlias = certAlias;
-    }
+		_certAlias = certAlias;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The file name or URL of the trust store location
-     */
-    public String getTrustStore()
-    {
-        return _trustStorePath;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The file name or URL of the trust store location
+	 */
+	public String getTrustStore()
+	{
+		return _trustStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param trustStorePath
-     *            The file name or URL of the trust store location
-     */
-    public void setTrustStore(String trustStorePath)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param trustStorePath
+	 *            The file name or URL of the trust store location
+	 */
+	public void setTrustStore(String trustStorePath)
+	{
+		checkNotStarted();
 
-        _trustStorePath = trustStorePath;
-    }
+		_trustStorePath = trustStorePath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The provider of the trust store
-     */
-    public String getTrustStoreProvider()
-    {
-        return _trustStoreProvider;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The provider of the trust store
+	 */
+	public String getTrustStoreProvider()
+	{
+		return _trustStoreProvider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param trustStoreProvider
-     *            The provider of the trust store
-     */
-    public void setTrustStoreProvider(String trustStoreProvider)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param trustStoreProvider
+	 *            The provider of the trust store
+	 */
+	public void setTrustStoreProvider(String trustStoreProvider)
+	{
+		checkNotStarted();
 
-        _trustStoreProvider = trustStoreProvider;
-    }
+		_trustStoreProvider = trustStoreProvider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The type of the trust store (default "JKS")
-     */
-    public String getTrustStoreType()
-    {
-        return _trustStoreType;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The type of the trust store (default "JKS")
+	 */
+	public String getTrustStoreType()
+	{
+		return _trustStoreType;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param trustStoreType
-     *            The type of the trust store (default "JKS")
-     */
-    public void setTrustStoreType(String trustStoreType)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param trustStoreType
+	 *            The type of the trust store (default "JKS")
+	 */
+	public void setTrustStoreType(String trustStoreType)
+	{
+		checkNotStarted();
 
-        _trustStoreType = trustStoreType;
-    }
+		_trustStoreType = trustStoreType;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Get the _trustStoreInputStream.
-     * @return the _trustStoreInputStream
-     *
-     * @deprecated
-     */
-    @Deprecated
-    public InputStream getTrustStoreInputStream()
-    {
-        checkKeyStore();
+	/* ------------------------------------------------------------ */
+	/** Get the _trustStoreInputStream.
+	 * @return the _trustStoreInputStream
+	 *
+	 * @deprecated
+	 */
+	@Deprecated
+	public InputStream getTrustStoreInputStream()
+	{
+		checkKeyStore();
 
-        return _trustStoreInputStream;
-    }
+		return _trustStoreInputStream;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the _trustStoreInputStream.
-     * @param trustStoreInputStream the InputStream to the TrustStore
-     *
-     * @deprecated
-     */
-    @Deprecated
-    public void setTrustStoreInputStream(InputStream trustStoreInputStream)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the _trustStoreInputStream.
+	 * @param trustStoreInputStream the InputStream to the TrustStore
+	 *
+	 * @deprecated
+	 */
+	@Deprecated
+	public void setTrustStoreInputStream(InputStream trustStoreInputStream)
+	{
+		checkNotStarted();
 
-        _trustStoreInputStream = trustStoreInputStream;
-    }
+		_trustStoreInputStream = trustStoreInputStream;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return True if SSL needs client authentication.
-     * @see SSLEngine#getNeedClientAuth()
-     */
-    public boolean getNeedClientAuth()
-    {
-        return _needClientAuth;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return True if SSL needs client authentication.
+	 * @see SSLEngine#getNeedClientAuth()
+	 */
+	public boolean getNeedClientAuth()
+	{
+		return _needClientAuth;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param needClientAuth
-     *            True if SSL needs client authentication.
-     * @see SSLEngine#getNeedClientAuth()
-     */
-    public void setNeedClientAuth(boolean needClientAuth)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param needClientAuth
+	 *            True if SSL needs client authentication.
+	 * @see SSLEngine#getNeedClientAuth()
+	 */
+	public void setNeedClientAuth(boolean needClientAuth)
+	{
+		checkNotStarted();
 
-        _needClientAuth = needClientAuth;
-    }
+		_needClientAuth = needClientAuth;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return True if SSL wants client authentication.
-     * @see SSLEngine#getWantClientAuth()
-     */
-    public boolean getWantClientAuth()
-    {
-        return _wantClientAuth;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return True if SSL wants client authentication.
+	 * @see SSLEngine#getWantClientAuth()
+	 */
+	public boolean getWantClientAuth()
+	{
+		return _wantClientAuth;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param wantClientAuth
-     *            True if SSL wants client authentication.
-     * @see SSLEngine#getWantClientAuth()
-     */
-    public void setWantClientAuth(boolean wantClientAuth)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param wantClientAuth
+	 *            True if SSL wants client authentication.
+	 * @see SSLEngine#getWantClientAuth()
+	 */
+	public void setWantClientAuth(boolean wantClientAuth)
+	{
+		checkNotStarted();
 
-        _wantClientAuth = wantClientAuth;
-    }
+		_wantClientAuth = wantClientAuth;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return true if SSL certificate has to be validated
-     * @deprecated
-     */
-    @Deprecated
-    public boolean getValidateCerts()
-    {
-        return _validateCerts;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return true if SSL certificate has to be validated
+	 * @deprecated
+	 */
+	@Deprecated
+	public boolean getValidateCerts()
+	{
+		return _validateCerts;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return true if SSL certificate has to be validated
-     */
-    public boolean isValidateCerts()
-    {
-        return _validateCerts;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return true if SSL certificate has to be validated
+	 */
+	public boolean isValidateCerts()
+	{
+		return _validateCerts;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param validateCerts
-     *            true if SSL certificates have to be validated
-     */
-    public void setValidateCerts(boolean validateCerts)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param validateCerts
+	 *            true if SSL certificates have to be validated
+	 */
+	public void setValidateCerts(boolean validateCerts)
+	{
+		checkNotStarted();
 
-        _validateCerts = validateCerts;
-    }
+		_validateCerts = validateCerts;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return true if SSL certificates of the peer have to be validated
-     */
-    public boolean isValidatePeerCerts()
-    {
-        return _validatePeerCerts;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return true if SSL certificates of the peer have to be validated
+	 */
+	public boolean isValidatePeerCerts()
+	{
+		return _validatePeerCerts;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param validatePeerCerts
-     *            true if SSL certificates of the peer have to be validated
-     */
-    public void setValidatePeerCerts(boolean validatePeerCerts)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param validatePeerCerts
+	 *            true if SSL certificates of the peer have to be validated
+	 */
+	public void setValidatePeerCerts(boolean validatePeerCerts)
+	{
+		checkNotStarted();
 
-        _validatePeerCerts = validatePeerCerts;
-    }
+		_validatePeerCerts = validatePeerCerts;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return True if SSL re-negotiation is allowed (default false)
-     */
-    public boolean isAllowRenegotiate()
-    {
-        return _allowRenegotiate;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return True if SSL re-negotiation is allowed (default false)
+	 */
+	public boolean isAllowRenegotiate()
+	{
+		return _allowRenegotiate;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
-     * a vulnerability in SSL/TLS with re-negotiation.  If your JVM
-     * does not have CVE-2009-3555 fixed, then re-negotiation should
-     * not be allowed.  CVE-2009-3555 was fixed in Sun java 1.6 with a ban
-     * of renegotiates in u19 and with RFC5746 in u22.
-     *
-     * @param allowRenegotiate
-     *            true if re-negotiation is allowed (default false)
-     */
-    public void setAllowRenegotiate(boolean allowRenegotiate)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
+	 * a vulnerability in SSL/TLS with re-negotiation.  If your JVM
+	 * does not have CVE-2009-3555 fixed, then re-negotiation should
+	 * not be allowed.  CVE-2009-3555 was fixed in Sun java 1.6 with a ban
+	 * of renegotiates in u19 and with RFC5746 in u22.
+	 *
+	 * @param allowRenegotiate
+	 *            true if re-negotiation is allowed (default false)
+	 */
+	public void setAllowRenegotiate(boolean allowRenegotiate)
+	{
+		checkNotStarted();
 
-        _allowRenegotiate = allowRenegotiate;
-    }
+		_allowRenegotiate = allowRenegotiate;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param password
-     *            The password for the key store
-     */
-    public void setKeyStorePassword(String password)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param password
+	 *            The password for the key store
+	 */
+	public void setKeyStorePassword(String password)
+	{
+		checkNotStarted();
 
-        _keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
-    }
+		_keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param password
-     *            The password (if any) for the specific key within the key store
-     */
-    public void setKeyManagerPassword(String password)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param password
+	 *            The password (if any) for the specific key within the key store
+	 */
+	public void setKeyManagerPassword(String password)
+	{
+		checkNotStarted();
 
-        _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
-    }
+		_keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param password
-     *            The password for the trust store
-     */
-    public void setTrustStorePassword(String password)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param password
+	 *            The password for the trust store
+	 */
+	public void setTrustStorePassword(String password)
+	{
+		checkNotStarted();
 
-        _trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
-    }
+		_trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The SSL provider name, which if set is passed to
-     * {@link SSLContext#getInstance(String, String)}
-     */
-    public String getProvider()
-    {
-        return _sslProvider;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The SSL provider name, which if set is passed to
+	 * {@link SSLContext#getInstance(String, String)}
+	 */
+	public String getProvider()
+	{
+		return _sslProvider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param provider
-     *            The SSL provider name, which if set is passed to
-     *            {@link SSLContext#getInstance(String, String)}
-     */
-    public void setProvider(String provider)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param provider
+	 *            The SSL provider name, which if set is passed to
+	 *            {@link SSLContext#getInstance(String, String)}
+	 */
+	public void setProvider(String provider)
+	{
+		checkNotStarted();
 
-        _sslProvider = provider;
-    }
+		_sslProvider = provider;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The SSL protocol (default "TLS") passed to
-     * {@link SSLContext#getInstance(String, String)}
-     */
-    public String getProtocol()
-    {
-        return _sslProtocol;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The SSL protocol (default "TLS") passed to
+	 * {@link SSLContext#getInstance(String, String)}
+	 */
+	public String getProtocol()
+	{
+		return _sslProtocol;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param protocol
-     *            The SSL protocol (default "TLS") passed to
-     *            {@link SSLContext#getInstance(String, String)}
-     */
-    public void setProtocol(String protocol)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param protocol
+	 *            The SSL protocol (default "TLS") passed to
+	 *            {@link SSLContext#getInstance(String, String)}
+	 */
+	public void setProtocol(String protocol)
+	{
+		checkNotStarted();
 
-        _sslProtocol = protocol;
-    }
+		_sslProtocol = protocol;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The algorithm name, which if set is passed to
-     * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
-     * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
-     */
-    public String getSecureRandomAlgorithm()
-    {
-        return _secureRandomAlgorithm;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The algorithm name, which if set is passed to
+	 * {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
+	 * {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
+	 */
+	public String getSecureRandomAlgorithm()
+	{
+		return _secureRandomAlgorithm;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param algorithm
-     *            The algorithm name, which if set is passed to
-     *            {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
-     *            {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
-     */
-    public void setSecureRandomAlgorithm(String algorithm)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param algorithm
+	 *            The algorithm name, which if set is passed to
+	 *            {@link SecureRandom#getInstance(String)} to obtain the {@link SecureRandom} instance passed to
+	 *            {@link SSLContext#init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)}
+	 */
+	public void setSecureRandomAlgorithm(String algorithm)
+	{
+		checkNotStarted();
 
-        _secureRandomAlgorithm = algorithm;
-    }
+		_secureRandomAlgorithm = algorithm;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
-     */
-    public String getSslKeyManagerFactoryAlgorithm()
-    {
-        return (_keyManagerFactoryAlgorithm);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
+	 */
+	public String getSslKeyManagerFactoryAlgorithm()
+	{
+		return (_keyManagerFactoryAlgorithm);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param algorithm
-     *            The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
-     */
-    public void setSslKeyManagerFactoryAlgorithm(String algorithm)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param algorithm
+	 *            The algorithm name (default "SunX509") used by the {@link KeyManagerFactory}
+	 */
+	public void setSslKeyManagerFactoryAlgorithm(String algorithm)
+	{
+		checkNotStarted();
 
-        _keyManagerFactoryAlgorithm = algorithm;
-    }
+		_keyManagerFactoryAlgorithm = algorithm;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
-     */
-    public String getTrustManagerFactoryAlgorithm()
-    {
-        return (_trustManagerFactoryAlgorithm);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
+	 */
+	public String getTrustManagerFactoryAlgorithm()
+	{
+		return (_trustManagerFactoryAlgorithm);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return True if all certificates should be trusted if there is no KeyStore or TrustStore
-     */
-    public boolean isTrustAll()
-    {
-        return _trustAll;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return True if all certificates should be trusted if there is no KeyStore or TrustStore
+	 */
+	public boolean isTrustAll()
+	{
+		return _trustAll;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param trustAll True if all certificates should be trusted if there is no KeyStore or TrustStore
-     */
-    public void setTrustAll(boolean trustAll)
-    {
-        _trustAll = trustAll;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param trustAll True if all certificates should be trusted if there is no KeyStore or TrustStore
+	 */
+	public void setTrustAll(boolean trustAll)
+	{
+		_trustAll = trustAll;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param algorithm
-     *            The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
-     *            Use the string "TrustAll" to install a trust manager that trusts all.
-     */
-    public void setTrustManagerFactoryAlgorithm(String algorithm)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param algorithm
+	 *            The algorithm name (default "SunX509") used by the {@link TrustManagerFactory}
+	 *            Use the string "TrustAll" to install a trust manager that trusts all.
+	 */
+	public void setTrustManagerFactoryAlgorithm(String algorithm)
+	{
+		checkNotStarted();
 
-        _trustManagerFactoryAlgorithm = algorithm;
-    }
+		_trustManagerFactoryAlgorithm = algorithm;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return Path to file that contains Certificate Revocation List
-     */
-    public String getCrlPath()
-    {
-        return _crlPath;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return Path to file that contains Certificate Revocation List
+	 */
+	public String getCrlPath()
+	{
+		return _crlPath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param crlPath
-     *            Path to file that contains Certificate Revocation List
-     */
-    public void setCrlPath(String crlPath)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param crlPath
+	 *            Path to file that contains Certificate Revocation List
+	 */
+	public void setCrlPath(String crlPath)
+	{
+		checkNotStarted();
 
-        _crlPath = crlPath;
-    }
+		_crlPath = crlPath;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return Maximum number of intermediate certificates in
-     * the certification path (-1 for unlimited)
-     */
-    public int getMaxCertPathLength()
-    {
-        return _maxCertPathLength;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return Maximum number of intermediate certificates in
+	 * the certification path (-1 for unlimited)
+	 */
+	public int getMaxCertPathLength()
+	{
+		return _maxCertPathLength;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param maxCertPathLength
-     *            maximum number of intermediate certificates in
-     *            the certification path (-1 for unlimited)
-     */
-    public void setMaxCertPathLength(int maxCertPathLength)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param maxCertPathLength
+	 *            maximum number of intermediate certificates in
+	 *            the certification path (-1 for unlimited)
+	 */
+	public void setMaxCertPathLength(int maxCertPathLength)
+	{
+		checkNotStarted();
 
-        _maxCertPathLength = maxCertPathLength;
-    }
+		_maxCertPathLength = maxCertPathLength;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return The SSLContext
-     */
-    public SSLContext getSslContext()
-    {
-        if (!isStarted())
-            throw new IllegalStateException(getState());
-        return _context;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return The SSLContext
+	 */
+	public SSLContext getSslContext()
+	{
+		if (!isStarted())
+			throw new IllegalStateException(getState());
+		return _context;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @param sslContext
-     *            Set a preconfigured SSLContext
-     */
-    public void setSslContext(SSLContext sslContext)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/**
+	 * @param sslContext
+	 *            Set a preconfigured SSLContext
+	 */
+	public void setSslContext(SSLContext sslContext)
+	{
+		checkNotStarted();
 
-        _context = sslContext;
-    }
+		_context = sslContext;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Override this method to provide alternate way to load a keystore.
-     *
-     * @return the key store instance
-     * @throws Exception if the keystore cannot be loaded
-     */
-    protected KeyStore loadKeyStore() throws Exception
-    {
-        return _keyStore != null ? _keyStore : getKeyStore(_keyStoreInputStream,
-                _keyStorePath, _keyStoreType, _keyStoreProvider,
-                _keyStorePassword==null? null: _keyStorePassword.toString());
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Override this method to provide alternate way to load a keystore.
+	 *
+	 * @return the key store instance
+	 * @throws Exception if the keystore cannot be loaded
+	 */
+	protected KeyStore loadKeyStore() throws Exception
+	{
+		return _keyStore != null ? _keyStore : getKeyStore(_keyStoreInputStream,
+				_keyStorePath, _keyStoreType, _keyStoreProvider,
+				_keyStorePassword==null? null: _keyStorePassword.toString());
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Override this method to provide alternate way to load a truststore.
-     *
-     * @return the key store instance
-     * @throws Exception if the truststore cannot be loaded
-     */
-    protected KeyStore loadTrustStore() throws Exception
-    {
-        return _trustStore != null ? _trustStore : getKeyStore(_trustStoreInputStream,
-                _trustStorePath, _trustStoreType,  _trustStoreProvider,
-                _trustStorePassword==null? null: _trustStorePassword.toString());
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Override this method to provide alternate way to load a truststore.
+	 *
+	 * @return the key store instance
+	 * @throws Exception if the truststore cannot be loaded
+	 */
+	protected KeyStore loadTrustStore() throws Exception
+	{
+		return _trustStore != null ? _trustStore : getKeyStore(_trustStoreInputStream,
+				_trustStorePath, _trustStoreType,  _trustStoreProvider,
+				_trustStorePassword==null? null: _trustStorePassword.toString());
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Loads keystore using an input stream or a file path in the same
-     * order of precedence.
-     *
-     * Required for integrations to be able to override the mechanism
-     * used to load a keystore in order to provide their own implementation.
-     *
-     * @param storeStream keystore input stream
-     * @param storePath path of keystore file
-     * @param storeType keystore type
-     * @param storeProvider keystore provider
-     * @param storePassword keystore password
-     * @return created keystore
-     * @throws Exception if the keystore cannot be obtained
-     *
-     * @deprecated
-     */
-    @Deprecated
-    protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
-    {
-        return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Loads keystore using an input stream or a file path in the same
+	 * order of precedence.
+	 *
+	 * Required for integrations to be able to override the mechanism
+	 * used to load a keystore in order to provide their own implementation.
+	 *
+	 * @param storeStream keystore input stream
+	 * @param storePath path of keystore file
+	 * @param storeType keystore type
+	 * @param storeProvider keystore provider
+	 * @param storePassword keystore password
+	 * @return created keystore
+	 * @throws Exception if the keystore cannot be obtained
+	 *
+	 * @deprecated
+	 */
+	@Deprecated
+	protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
+	{
+		return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Loads certificate revocation list (CRL) from a file.
-     *
-     * Required for integrations to be able to override the mechanism used to
-     * load CRL in order to provide their own implementation.
-     *
-     * @param crlPath path of certificate revocation list file
-     * @return Collection of CRL's
-     * @throws Exception if the certificate revocation list cannot be loaded
-     */
-    protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
-    {
-        return CertificateUtils.loadCRL(crlPath);
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Loads certificate revocation list (CRL) from a file.
+	 *
+	 * Required for integrations to be able to override the mechanism used to
+	 * load CRL in order to provide their own implementation.
+	 *
+	 * @param crlPath path of certificate revocation list file
+	 * @return Collection of CRL's
+	 * @throws Exception if the certificate revocation list cannot be loaded
+	 */
+	protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
+	{
+		return CertificateUtils.loadCRL(crlPath);
+	}
 
-    /* ------------------------------------------------------------ */
-    protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
-    {
-        KeyManager[] managers = null;
+	/* ------------------------------------------------------------ */
+	protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
+	{
+		KeyManager[] managers = null;
 
-        if (keyStore != null)
-        {
-            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
-            keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
-            managers = keyManagerFactory.getKeyManagers();
+		if (keyStore != null)
+		{
+			KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
+			keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
+			managers = keyManagerFactory.getKeyManagers();
 
-            if (_certAlias != null)
-            {
-                for (int idx = 0; idx < managers.length; idx++)
-                {
-                    if (managers[idx] instanceof X509KeyManager)
-                    {
-                        managers[idx] = new AliasedX509ExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]);
-                    }
-                }
-            }
-        }
+			if (_certAlias != null)
+			{
+				for (int idx = 0; idx < managers.length; idx++)
+				{
+					if (managers[idx] instanceof X509KeyManager)
+					{
+						managers[idx] = new AliasedX509ExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]);
+					}
+				}
+			}
+		}
 
-        return managers;
-    }
+		return managers;
+	}
 
-    /* ------------------------------------------------------------ */
-    protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
-    {
-        TrustManager[] managers = null;
-        if (trustStore != null)
-        {
-            // Revocation checking is only supported for PKIX algorithm
-            if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
-            {
-                PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
+	/* ------------------------------------------------------------ */
+	protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
+	{
+		TrustManager[] managers = null;
+		if (trustStore != null)
+		{
+			// Revocation checking is only supported for PKIX algorithm
+			if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
+			{
+				PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
 
-                // Set maximum certification path length
-                pbParams.setMaxPathLength(_maxCertPathLength);
+				// Set maximum certification path length
+				pbParams.setMaxPathLength(_maxCertPathLength);
 
-                // Make sure revocation checking is enabled
-                pbParams.setRevocationEnabled(true);
+				// Make sure revocation checking is enabled
+				pbParams.setRevocationEnabled(true);
 
-                if (crls != null && !crls.isEmpty())
-                {
-                    pbParams.addCertStore(CertStore.getInstance("Collection",new CollectionCertStoreParameters(crls)));
-                }
+				if (crls != null && !crls.isEmpty())
+				{
+					pbParams.addCertStore(CertStore.getInstance("Collection",new CollectionCertStoreParameters(crls)));
+				}
 
-                if (_enableCRLDP)
-                {
-                    // Enable Certificate Revocation List Distribution Points (CRLDP) support
-                    System.setProperty("com.sun.security.enableCRLDP","true");
-                }
+				if (_enableCRLDP)
+				{
+					// Enable Certificate Revocation List Distribution Points (CRLDP) support
+					System.setProperty("com.sun.security.enableCRLDP","true");
+				}
 
-                if (_enableOCSP)
-                {
-                    // Enable On-Line Certificate Status Protocol (OCSP) support
-                    Security.setProperty("ocsp.enable","true");
+				if (_enableOCSP)
+				{
+					// Enable On-Line Certificate Status Protocol (OCSP) support
+					Security.setProperty("ocsp.enable","true");
 
-                    if (_ocspResponderURL != null)
-                    {
-                        // Override location of OCSP Responder
-                        Security.setProperty("ocsp.responderURL", _ocspResponderURL);
-                    }
-                }
+					if (_ocspResponderURL != null)
+					{
+						// Override location of OCSP Responder
+						Security.setProperty("ocsp.responderURL", _ocspResponderURL);
+					}
+				}
 
-                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
-                trustManagerFactory.init(new CertPathTrustManagerParameters(pbParams));
+				TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
+				trustManagerFactory.init(new CertPathTrustManagerParameters(pbParams));
 
-                managers = trustManagerFactory.getTrustManagers();
-            }
-            else
-            {
-                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
-                trustManagerFactory.init(trustStore);
+				managers = trustManagerFactory.getTrustManagers();
+			}
+			else
+			{
+				TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
+				trustManagerFactory.init(trustStore);
 
-                managers = trustManagerFactory.getTrustManagers();
-            }
-        }
+				managers = trustManagerFactory.getTrustManagers();
+			}
+		}
 
-        return managers;
-    }
+		return managers;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Check KeyStore Configuration. Ensures that if keystore has been
-     * configured but there's no truststore, that keystore is
-     * used as truststore.
-     * @throws IllegalStateException if SslContextFactory configuration can't be used.
-     */
-    public void checkKeyStore()
-    {
-        if (_context != null)
-            return; //nothing to check if using preconfigured context
+	/* ------------------------------------------------------------ */
+	/**
+	 * Check KeyStore Configuration. Ensures that if keystore has been
+	 * configured but there's no truststore, that keystore is
+	 * used as truststore.
+	 * @throws IllegalStateException if SslContextFactory configuration can't be used.
+	 */
+	public void checkKeyStore()
+	{
+		if (_context != null)
+			return; //nothing to check if using preconfigured context
 
 
-        if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null)
-            throw new IllegalStateException("SSL doesn't have a valid keystore");
+		if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null)
+			throw new IllegalStateException("SSL doesn't have a valid keystore");
 
-        // if the keystore has been configured but there is no
-        // truststore configured, use the keystore as the truststore
-        if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
-        {
-            _trustStore = _keyStore;
-            _trustStorePath = _keyStorePath;
-            _trustStoreInputStream = _keyStoreInputStream;
-            _trustStoreType = _keyStoreType;
-            _trustStoreProvider = _keyStoreProvider;
-            _trustStorePassword = _keyStorePassword;
-            _trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
-        }
+		// if the keystore has been configured but there is no
+		// truststore configured, use the keystore as the truststore
+		if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
+		{
+			_trustStore = _keyStore;
+			_trustStorePath = _keyStorePath;
+			_trustStoreInputStream = _keyStoreInputStream;
+			_trustStoreType = _keyStoreType;
+			_trustStoreProvider = _keyStoreProvider;
+			_trustStorePassword = _keyStorePassword;
+			_trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
+		}
 
-        // It's the same stream we cannot read it twice, so read it once in memory
-        if (_keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream)
-        {
-            try
-            {
-                ByteArrayOutputStream baos = new ByteArrayOutputStream();
-                IO.copy(_keyStoreInputStream, baos);
-                _keyStoreInputStream.close();
+		// It's the same stream we cannot read it twice, so read it once in memory
+		if (_keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream)
+		{
+			try
+			{
+				ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				IO.copy(_keyStoreInputStream, baos);
+				_keyStoreInputStream.close();
 
-                _keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
-                _trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
-            }
-            catch (Exception ex)
-            {
-                throw new IllegalStateException(ex);
-            }
-        }
-    }
+				_keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
+				_trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
+			}
+			catch (Exception ex)
+			{
+				throw new IllegalStateException(ex);
+			}
+		}
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Select protocols to be used by the connector
-     * based on configured inclusion and exclusion lists
-     * as well as enabled and supported protocols.
-     * @param enabledProtocols Array of enabled protocols
-     * @param supportedProtocols Array of supported protocols
-     * @return Array of protocols to enable
-     */
-    public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
-    {
-        Set<String> selected_protocols = new LinkedHashSet<String>();
+	/* ------------------------------------------------------------ */
+	/**
+	 * Select protocols to be used by the connector
+	 * based on configured inclusion and exclusion lists
+	 * as well as enabled and supported protocols.
+	 * @param enabledProtocols Array of enabled protocols
+	 * @param supportedProtocols Array of supported protocols
+	 * @return Array of protocols to enable
+	 */
+	public String[] selectProtocols(String[] enabledProtocols, String[] supportedProtocols)
+	{
+		Set<String> selected_protocols = new LinkedHashSet<String>();
 
-        // Set the starting protocols - either from the included or enabled list
-        if (_includeProtocols!=null)
-        {
-            // Use only the supported included protocols
-            for (String protocol : _includeProtocols)
-                if(Arrays.asList(supportedProtocols).contains(protocol))
-                    selected_protocols.add(protocol);
-        }
-        else
-            selected_protocols.addAll(Arrays.asList(enabledProtocols));
+		// Set the starting protocols - either from the included or enabled list
+		if (_includeProtocols!=null)
+		{
+			// Use only the supported included protocols
+			for (String protocol : _includeProtocols)
+				if(Arrays.asList(supportedProtocols).contains(protocol))
+					selected_protocols.add(protocol);
+		}
+		else
+			selected_protocols.addAll(Arrays.asList(enabledProtocols));
 
 
-        // Remove any excluded protocols
-        if (_excludeProtocols != null)
-            selected_protocols.removeAll(_excludeProtocols);
+		// Remove any excluded protocols
+		if (_excludeProtocols != null)
+			selected_protocols.removeAll(_excludeProtocols);
 
-        return selected_protocols.toArray(new String[selected_protocols.size()]);
-    }
+		return selected_protocols.toArray(new String[selected_protocols.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Select cipher suites to be used by the connector
-     * based on configured inclusion and exclusion lists
-     * as well as enabled and supported cipher suite lists.
-     * @param enabledCipherSuites Array of enabled cipher suites
-     * @param supportedCipherSuites Array of supported cipher suites
-     * @return Array of cipher suites to enable
-     */
-    public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
-    {
-        Set<String> selected_ciphers = new LinkedHashSet<String>();
+	/* ------------------------------------------------------------ */
+	/**
+	 * Select cipher suites to be used by the connector
+	 * based on configured inclusion and exclusion lists
+	 * as well as enabled and supported cipher suite lists.
+	 * @param enabledCipherSuites Array of enabled cipher suites
+	 * @param supportedCipherSuites Array of supported cipher suites
+	 * @return Array of cipher suites to enable
+	 */
+	public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
+	{
+		Set<String> selected_ciphers = new LinkedHashSet<String>();
 
-        // Set the starting ciphers - either from the included or enabled list
-        if (_includeCipherSuites!=null)
-        {
-            // Use only the supported included ciphers
-            for (String cipherSuite : _includeCipherSuites)
-                if(Arrays.asList(supportedCipherSuites).contains(cipherSuite))
-                    selected_ciphers.add(cipherSuite);
-        }
-        else
-            selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
+		// Set the starting ciphers - either from the included or enabled list
+		if (_includeCipherSuites!=null)
+		{
+			// Use only the supported included ciphers
+			for (String cipherSuite : _includeCipherSuites)
+				if(Arrays.asList(supportedCipherSuites).contains(cipherSuite))
+					selected_ciphers.add(cipherSuite);
+		}
+		else
+			selected_ciphers.addAll(Arrays.asList(enabledCipherSuites));
 
 
-        // Remove any excluded ciphers
-        if (_excludeCipherSuites != null)
-            selected_ciphers.removeAll(_excludeCipherSuites);
-        return selected_ciphers.toArray(new String[selected_ciphers.size()]);
-    }
+		// Remove any excluded ciphers
+		if (_excludeCipherSuites != null)
+			selected_ciphers.removeAll(_excludeCipherSuites);
+		return selected_ciphers.toArray(new String[selected_ciphers.size()]);
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * Check if the lifecycle has been started and throw runtime exception
-     */
-    protected void checkNotStarted()
-    {
-        if (isStarted())
-            throw new IllegalStateException("Cannot modify configuration when "+getState());
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * Check if the lifecycle has been started and throw runtime exception
+	 */
+	protected void checkNotStarted()
+	{
+		if (isStarted())
+			throw new IllegalStateException("Cannot modify configuration when "+getState());
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return true if CRL Distribution Points support is enabled
-     */
-    public boolean isEnableCRLDP()
-    {
-        return _enableCRLDP;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return true if CRL Distribution Points support is enabled
+	 */
+	public boolean isEnableCRLDP()
+	{
+		return _enableCRLDP;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Enables CRL Distribution Points Support
-     * @param enableCRLDP true - turn on, false - turns off
-     */
-    public void setEnableCRLDP(boolean enableCRLDP)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Enables CRL Distribution Points Support
+	 * @param enableCRLDP true - turn on, false - turns off
+	 */
+	public void setEnableCRLDP(boolean enableCRLDP)
+	{
+		checkNotStarted();
 
-        _enableCRLDP = enableCRLDP;
-    }
+		_enableCRLDP = enableCRLDP;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return true if On-Line Certificate Status Protocol support is enabled
-     */
-    public boolean isEnableOCSP()
-    {
-        return _enableOCSP;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return true if On-Line Certificate Status Protocol support is enabled
+	 */
+	public boolean isEnableOCSP()
+	{
+		return _enableOCSP;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Enables On-Line Certificate Status Protocol support
-     * @param enableOCSP true - turn on, false - turn off
-     */
-    public void setEnableOCSP(boolean enableOCSP)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Enables On-Line Certificate Status Protocol support
+	 * @param enableOCSP true - turn on, false - turn off
+	 */
+	public void setEnableOCSP(boolean enableOCSP)
+	{
+		checkNotStarted();
 
-        _enableOCSP = enableOCSP;
-    }
+		_enableOCSP = enableOCSP;
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-     * @return Location of the OCSP Responder
-     */
-    public String getOcspResponderURL()
-    {
-        return _ocspResponderURL;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	 * @return Location of the OCSP Responder
+	 */
+	public String getOcspResponderURL()
+	{
+		return _ocspResponderURL;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the location of the OCSP Responder.
-     * @param ocspResponderURL location of the OCSP Responder
-     */
-    public void setOcspResponderURL(String ocspResponderURL)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the location of the OCSP Responder.
+	 * @param ocspResponderURL location of the OCSP Responder
+	 */
+	public void setOcspResponderURL(String ocspResponderURL)
+	{
+		checkNotStarted();
 
-        _ocspResponderURL = ocspResponderURL;
-    }
+		_ocspResponderURL = ocspResponderURL;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the key store.
-     * @param keyStore the key store to set
-     */
-    public void setKeyStore(KeyStore keyStore)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the key store.
+	 * @param keyStore the key store to set
+	 */
+	public void setKeyStore(KeyStore keyStore)
+	{
+		checkNotStarted();
 
-        _keyStore = keyStore;
-    }
+		_keyStore = keyStore;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the trust store.
-     * @param trustStore the trust store to set
-     */
-    public void setTrustStore(KeyStore trustStore)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the trust store.
+	 * @param trustStore the trust store to set
+	 */
+	public void setTrustStore(KeyStore trustStore)
+	{
+		checkNotStarted();
 
-        _trustStore = trustStore;
-    }
+		_trustStore = trustStore;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the key store resource.
-     * @param resource the key store resource to set
-     */
-    public void setKeyStoreResource(Resource resource)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the key store resource.
+	 * @param resource the key store resource to set
+	 */
+	public void setKeyStoreResource(Resource resource)
+	{
+		checkNotStarted();
 
-        try
-        {
-            _keyStoreInputStream = resource.getInputStream();
-        }
-        catch (IOException e)
-        {
-             throw new InvalidParameterException("Unable to get resource "+
-                     "input stream for resource "+resource.toString());
-        }
-    }
+		try
+		{
+			_keyStoreInputStream = resource.getInputStream();
+		}
+		catch (IOException e)
+		{
+			 throw new InvalidParameterException("Unable to get resource "+
+					 "input stream for resource "+resource.toString());
+		}
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the trust store resource.
-     * @param resource the trust store resource to set
-     */
-    public void setTrustStoreResource(Resource resource)
-    {
-        checkNotStarted();
+	/* ------------------------------------------------------------ */
+	/** Set the trust store resource.
+	 * @param resource the trust store resource to set
+	 */
+	public void setTrustStoreResource(Resource resource)
+	{
+		checkNotStarted();
 
-        try
-        {
-            _trustStoreInputStream = resource.getInputStream();
-        }
-        catch (IOException e)
-        {
-             throw new InvalidParameterException("Unable to get resource "+
-                     "input stream for resource "+resource.toString());
-        }
-    }
+		try
+		{
+			_trustStoreInputStream = resource.getInputStream();
+		}
+		catch (IOException e)
+		{
+			 throw new InvalidParameterException("Unable to get resource "+
+					 "input stream for resource "+resource.toString());
+		}
+	}
 
-    /* ------------------------------------------------------------ */
-    /**
-    * @return true if SSL Session caching is enabled
-    */
-    public boolean isSessionCachingEnabled()
-    {
-        return _sessionCachingEnabled;
-    }
+	/* ------------------------------------------------------------ */
+	/**
+	* @return true if SSL Session caching is enabled
+	*/
+	public boolean isSessionCachingEnabled()
+	{
+		return _sessionCachingEnabled;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set the flag to enable SSL Session caching.
-    * @param enableSessionCaching the value of the flag
-    */
-    public void setSessionCachingEnabled(boolean enableSessionCaching)
-    {
-        _sessionCachingEnabled = enableSessionCaching;
-    }
+	/* ------------------------------------------------------------ */
+	/** Set the flag to enable SSL Session caching.
+	* @param enableSessionCaching the value of the flag
+	*/
+	public void setSessionCachingEnabled(boolean enableSessionCaching)
+	{
+		_sessionCachingEnabled = enableSessionCaching;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Get SSL session cache size.
-     * @return SSL session cache size
-     */
-    public int getSslSessionCacheSize()
-    {
-        return _sslSessionCacheSize;
-    }
+	/* ------------------------------------------------------------ */
+	/** Get SSL session cache size.
+	 * @return SSL session cache size
+	 */
+	public int getSslSessionCacheSize()
+	{
+		return _sslSessionCacheSize;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** SEt SSL session cache size.
-     * @param sslSessionCacheSize SSL session cache size to set
-     */
-    public void setSslSessionCacheSize(int sslSessionCacheSize)
-    {
-        _sslSessionCacheSize = sslSessionCacheSize;
-    }
+	/* ------------------------------------------------------------ */
+	/** SEt SSL session cache size.
+	 * @param sslSessionCacheSize SSL session cache size to set
+	 */
+	public void setSslSessionCacheSize(int sslSessionCacheSize)
+	{
+		_sslSessionCacheSize = sslSessionCacheSize;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Get SSL session timeout.
-     * @return SSL session timeout
-     */
-    public int getSslSessionTimeout()
-    {
-        return _sslSessionTimeout;
-    }
+	/* ------------------------------------------------------------ */
+	/** Get SSL session timeout.
+	 * @return SSL session timeout
+	 */
+	public int getSslSessionTimeout()
+	{
+		return _sslSessionTimeout;
+	}
 
-    /* ------------------------------------------------------------ */
-    /** Set SSL session timeout.
-     * @param sslSessionTimeout SSL session timeout to set
-     */
-    public void setSslSessionTimeout(int sslSessionTimeout)
-    {
-        _sslSessionTimeout = sslSessionTimeout;
-    }
+	/* ------------------------------------------------------------ */
+	/** Set SSL session timeout.
+	 * @param sslSessionTimeout SSL session timeout to set
+	 */
+	public void setSslSessionTimeout(int sslSessionTimeout)
+	{
+		_sslSessionTimeout = sslSessionTimeout;
+	}
 
 
-    /* ------------------------------------------------------------ */
-    public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
-    {
-        SSLServerSocketFactory factory = _context.getServerSocketFactory();
+	/* ------------------------------------------------------------ */
+	public SSLServerSocket newSslServerSocket(String host,int port,int backlog) throws IOException
+	{
+		SSLServerSocketFactory factory = _context.getServerSocketFactory();
 
-        SSLServerSocket socket =
-            (SSLServerSocket) (host==null ?
-                        factory.createServerSocket(port,backlog):
-                        factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
+		SSLServerSocket socket =
+			(SSLServerSocket) (host==null ?
+						factory.createServerSocket(port,backlog):
+						factory.createServerSocket(port,backlog,InetAddress.getByName(host)));
 
-        if (getWantClientAuth())
-            socket.setWantClientAuth(getWantClientAuth());
-        if (getNeedClientAuth())
-            socket.setNeedClientAuth(getNeedClientAuth());
+		if (getWantClientAuth())
+			socket.setWantClientAuth(getWantClientAuth());
+		if (getNeedClientAuth())
+			socket.setNeedClientAuth(getNeedClientAuth());
 
-        socket.setEnabledCipherSuites(selectCipherSuites(
-                                            socket.getEnabledCipherSuites(),
-                                            socket.getSupportedCipherSuites()));
-        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
+		socket.setEnabledCipherSuites(selectCipherSuites(
+											socket.getEnabledCipherSuites(),
+											socket.getSupportedCipherSuites()));
+		socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
 
-        return socket;
-    }
+		return socket;
+	}
 
-    /* ------------------------------------------------------------ */
-    public SSLSocket newSslSocket() throws IOException
-    {
-        SSLSocketFactory factory = _context.getSocketFactory();
+	/* ------------------------------------------------------------ */
+	public SSLSocket newSslSocket() throws IOException
+	{
+		SSLSocketFactory factory = _context.getSocketFactory();
 
-        SSLSocket socket = (SSLSocket)factory.createSocket();
+		SSLSocket socket = (SSLSocket)factory.createSocket();
 
-        if (getWantClientAuth())
-            socket.setWantClientAuth(getWantClientAuth());
-        if (getNeedClientAuth())
-            socket.setNeedClientAuth(getNeedClientAuth());
+		if (getWantClientAuth())
+			socket.setWantClientAuth(getWantClientAuth());
+		if (getNeedClientAuth())
+			socket.setNeedClientAuth(getNeedClientAuth());
 
-        socket.setEnabledCipherSuites(selectCipherSuites(
-                                            socket.getEnabledCipherSuites(),
-                                            socket.getSupportedCipherSuites()));
-        socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
+		socket.setEnabledCipherSuites(selectCipherSuites(
+											socket.getEnabledCipherSuites(),
+											socket.getSupportedCipherSuites()));
+		socket.setEnabledProtocols(selectProtocols(socket.getEnabledProtocols(),socket.getSupportedProtocols()));
 
-        return socket;
-    }
+		return socket;
+	}
 
-    /* ------------------------------------------------------------ */
-    public SSLEngine newSslEngine(String host,int port)
-    {
-        SSLEngine sslEngine=isSessionCachingEnabled()
-            ?_context.createSSLEngine(host, port)
-            :_context.createSSLEngine();
+	/* ------------------------------------------------------------ */
+	public SSLEngine newSslEngine(String host,int port)
+	{
+		SSLEngine sslEngine=isSessionCachingEnabled()
+			?_context.createSSLEngine(host, port)
+			:_context.createSSLEngine();
 
-        customize(sslEngine);
-        return sslEngine;
-    }
+		customize(sslEngine);
+		return sslEngine;
+	}
 
-    /* ------------------------------------------------------------ */
-    public SSLEngine newSslEngine()
-    {
-        SSLEngine sslEngine=_context.createSSLEngine();
-        customize(sslEngine);
-        return sslEngine;
-    }
+	/* ------------------------------------------------------------ */
+	public SSLEngine newSslEngine()
+	{
+		SSLEngine sslEngine=_context.createSSLEngine();
+		customize(sslEngine);
+		return sslEngine;
+	}
 
-    /* ------------------------------------------------------------ */
-    public void customize(SSLEngine sslEngine)
-    {
-        if (getWantClientAuth())
-            sslEngine.setWantClientAuth(getWantClientAuth());
-        if (getNeedClientAuth())
-            sslEngine.setNeedClientAuth(getNeedClientAuth());
+	/* ------------------------------------------------------------ */
+	public void customize(SSLEngine sslEngine)
+	{
+		if (getWantClientAuth())
+			sslEngine.setWantClientAuth(getWantClientAuth());
+		if (getNeedClientAuth())
+			sslEngine.setNeedClientAuth(getNeedClientAuth());
 
-        sslEngine.setEnabledCipherSuites(selectCipherSuites(
-                sslEngine.getEnabledCipherSuites(),
-                sslEngine.getSupportedCipherSuites()));
+		sslEngine.setEnabledCipherSuites(selectCipherSuites(
+				sslEngine.getEnabledCipherSuites(),
+				sslEngine.getSupportedCipherSuites()));
 
-        sslEngine.setEnabledProtocols(selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols()));
-    }
+		sslEngine.setEnabledProtocols(selectProtocols(sslEngine.getEnabledProtocols(),sslEngine.getSupportedProtocols()));
+	}
 
-    /* ------------------------------------------------------------ */
-    public String toString()
-    {
-        return String.format("%s@%x(%s,%s)",
-                getClass().getSimpleName(),
-                hashCode(),
-                _keyStorePath,
-                _trustStorePath);
-    }
+	/* ------------------------------------------------------------ */
+	public String toString()
+	{
+		return String.format("%s@%x(%s,%s)",
+				getClass().getSimpleName(),
+				hashCode(),
+				_keyStorePath,
+				_trustStorePath);
+	}
 }