java.lang.Object
  org.jsslutils.sslcontext.DefaultSSLContextFactory
    org.jsslutils.sslcontext.X509SSLContextFactory
      org.jsslutils.sslcontext.PKIXSSLContextFactory
public class PKIXSSLContextFactory
This class is a factory that provides methods for creating an SSLContext configured with the settings set in this factory, using the PKIX algorithm for both the key manager and the trust manager. These managers are created from the KeyStores passed to the constructor. This implementation builds a trust store that supports revocation and CRLs; see the CRL-related methods. The "org.jsslutils.prop.crlReloadInterval" system property may be used to configure the reload interval, in seconds, for CRLs that are reloaded automatically (0 won't reload them).
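The wiring that the class description and the getCertStore(), getPKIXParameters() and getTrustParams() summaries describe, written against the plain JSSE API as an added example; it is not jsslutils code. The class name PkixCrlContextExample, its helper methods and the command-line arguments are assumptions, and automatic CRL reloading is not shown.

```java
import java.io.File;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.*;

public class PkixCrlContextExample { // hypothetical name, not part of jsslutils
    /** Fetches and parses one X.509 CRL (DER or PEM) from a URL. */
    static CRL loadCrl(String crlUrl) throws Exception {
        try (InputStream in = URI.create(crlUrl).toURL().openStream()) {
            return CertificateFactory.getInstance("X.509").generateCRL(in);
        }
    }

    /** Builds an SSLContext whose PKIX trust manager checks the supplied CRLs. */
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore,
                            Collection<? extends CRL> crls, boolean enableRevocation) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(keyStore, keyPassword);

        // Trust anchors come from the trust store; the empty selector matches any target certificate.
        PKIXBuilderParameters pkix = new PKIXBuilderParameters(trustStore, new X509CertSelector());
        pkix.setRevocationEnabled(enableRevocation);
        // CRLs reach the path validator through an in-memory "Collection" CertStore.
        pkix.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)));

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(pkix));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage (assumed arguments): java PkixCrlContextExample.java <keystore> <truststore> <password> <crl-url>
    public static void main(String[] args) throws Exception {
        char[] pw = args[2].toCharArray();
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw);
        KeyStore ts = KeyStore.getInstance(new File(args[1]), pw);
        SSLContext ctx = build(ks, pw, ts, List.of(loadCrl(args[3])), true);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

With revocation enabled and no other revocation source configured, a peer certificate whose status cannot be determined from the supplied CRLs is rejected, so each issuing CA in the chain needs a current CRL in the collection.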
Nested Class Summary |
---|
Nested classes/interfaces inherited from interface org.jsslutils.sslcontext.SSLContextFactory |
---|
SSLContextFactory.SSLContextFactoryException |
Field Summary | |
---|---|
static java.lang.String | CRL_RELOAD_INTERVAL_PROP |
protected java.util.Set<java.security.cert.CRL> | crlCollection |
protected boolean | enableRevocation |
Fields inherited from class org.jsslutils.sslcontext.DefaultSSLContextFactory |
---|
CONTEXT_PROTOCOL_NAME_PROP, CONTEXT_PROVIDER_NAME_PROP, SECURERANDOM_ALGORITHM_PROP, SECURERANDOM_PROVIDER_NAME_PROP |
Constructor Summary | |
---|---|
PKIXSSLContextFactory() | |
PKIXSSLContextFactory(java.security.KeyStore keyStore, char[] keyPassword, java.security.KeyStore trustStore) | Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
PKIXSSLContextFactory(java.security.KeyStore keyStore, char[] keyPassword, java.security.KeyStore trustStore, boolean enableRevocation) | Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
PKIXSSLContextFactory(java.security.KeyStore keyStore, java.lang.String keyPassword, java.security.KeyStore trustStore) | Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
PKIXSSLContextFactory(java.security.KeyStore keyStore, java.lang.String keyPassword, java.security.KeyStore trustStore, boolean enableRevocation) | Builds an SSLContextFactory using the PKIX algorithm in the TrustManagerFactory. |
Method Summary | |
---|---|
void | addCrl(java.security.cert.CRL crl) - Adds a CRL to the collection used by getCrlCollection() (and thus the trust manager by default). |
void | addCrl(java.io.InputStream crlInputStream) - Adds a CRL from an InputStream to the collection used by getCrlCollection() (and thus the trust manager by default). |
void | addCrl(java.lang.String crlUrl) - Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default). |
void | addCrl(java.lang.String crlUrl, long reloadInterval) - Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default); this CRL will be reloaded periodically. |
void | addCrlCollection(java.util.Collection<? extends java.security.cert.CRL> crlCollection) - Adds CRLs to the collection used by getCrlCollection() (and thus the trust manager by default). |
java.util.concurrent.Callable<java.security.cert.X509CRL> | addReloadableCrl(java.lang.String crlUrl) - Adds a CRL from a URL to the collection used by getCrlCollection() (and thus the trust manager by default). |
protected java.security.cert.CertStore | getCertStore() - Returns the CertStore added to the PKIXParameters in getPKIXParameters(). |
java.util.Collection<? extends java.security.cert.CRL> | getCrlCollection() - Returns the Collection of X509CRLs used to initialise the CollectionCertStoreParameters used in getCertStore(). |
protected java.security.cert.PKIXParameters | getPKIXParameters() - Returns the PKIXParameters used for initialising the ManagerFactoryParameters in getTrustParams(). |
protected javax.net.ssl.TrustManager[] | getRawTrustManagers() - Builds TrustManagers from the trust store provided in the constructor, using a PKIX TrustManagerFactory. |
protected javax.net.ssl.ManagerFactoryParameters | getTrustParams() - Returns the ManagerFactoryParameters used for initialising the TrustManagerFactory in getTrustManagers(). |
java.security.cert.CRL | loadCrl(java.io.InputStream crlInputStream) - Builds a CRL object from an InputStream. |
java.security.cert.CRL | loadCrl(java.lang.String crlUrl) - Builds a CRL object from a URL. |
Methods inherited from class org.jsslutils.sslcontext.X509SSLContextFactory |
---|
configure, getKeyManagers, getKeyStore, getRawKeyManagers, getTrustManagers, getTrustStore, setKeyManagerWrapper, setKeyPassword, setKeyPasswordCallbackHandler, setKeyStore, setKeyStorePasswordCallbackHandler, setTrustManagerWrapper, setTrustStore, setTrustStorePasswordCallbackHandler |
Methods inherited from class org.jsslutils.sslcontext.DefaultSSLContextFactory |
---|
buildSSLContext, buildSSLContext, clone, getContextProtocol, getContextProvider, getDefaultSecureRandomAlgorithm, getSecureRandom, getSecureRandomProvider, setSecureRandom |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String CRL_RELOAD_INTERVAL_PROP
protected boolean enableRevocation
protected java.util.Set<java.security.cert.CRL> crlCollection
Constructor Detail |
---|
public PKIXSSLContextFactory()
public PKIXSSLContextFactory(java.security.KeyStore keyStore, char[] keyPassword, java.security.KeyStore trustStore, boolean enableRevocation)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
enableRevocation - sets whether certificate revocation should be enabled.
public PKIXSSLContextFactory(java.security.KeyStore keyStore, java.lang.String keyPassword, java.security.KeyStore trustStore, boolean enableRevocation)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
enableRevocation - sets whether certificate revocation should be enabled.
public PKIXSSLContextFactory(java.security.KeyStore keyStore, char[] keyPassword, java.security.KeyStore trustStore)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
public PKIXSSLContextFactory(java.security.KeyStore keyStore, java.lang.String keyPassword, java.security.KeyStore trustStore)
Parameters:
keyStore - KeyStore that contains the key.
keyPassword - password to the key.
trustStore - KeyStore that contains the trusted X.509 certificates.
Method Detail |
---|
protected javax.net.ssl.TrustManager[] getRawTrustManagers() throws SSLContextFactory.SSLContextFactoryException
Overrides:
getRawTrustManagers in class X509SSLContextFactory
Throws:
SSLContextFactory.SSLContextFactoryException
protected javax.net.ssl.ManagerFactoryParameters getTrustParams() throws SSLContextFactory.SSLContextFactoryException
Throws:
SSLContextFactory.SSLContextFactoryException
protected java.security.cert.PKIXParameters getPKIXParameters() throws SSLContextFactory.SSLContextFactoryException
Throws:
SSLContextFactory.SSLContextFactoryException
protected java.security.cert.CertStore getCertStore() throws SSLContextFactory.SSLContextFactoryException
Throws:
SSLContextFactory.SSLContextFactoryException
public java.util.Collection<? extends java.security.cert.CRL> getCrlCollection() throws SSLContextFactory.SSLContextFactoryException
Throws:
SSLContextFactory.SSLContextFactoryException
public void addCrlCollection(java.util.Collection<? extends java.security.cert.CRL> crlCollection) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlCollection - collection of CRLs to add.
Throws:
SSLContextFactory.SSLContextFactoryException
public void addCrl(java.security.cert.CRL crl) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crl - CRL to add.
Throws:
SSLContextFactory.SSLContextFactoryException
public void addCrl(java.io.InputStream crlInputStream) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlInputStream - InputStream containing the CRL to read (this is not closed by this method).
Throws:
SSLContextFactory.SSLContextFactoryException
public void addCrl(java.lang.String crlUrl) throws SSLContextFactory.SSLContextFactoryException, java.net.MalformedURLException, java.io.IOException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws:
SSLContextFactory.SSLContextFactoryException
java.io.IOException
java.net.MalformedURLException
public void addCrl(java.lang.String crlUrl, long reloadInterval) throws SSLContextFactory.SSLContextFactoryException, java.net.MalformedURLException, java.io.IOException
Parameters:
crlUrl - URL of the CRL to fetch.
reloadInterval - number of seconds between reloads.
Throws:
SSLContextFactory.SSLContextFactoryException
java.net.MalformedURLException
java.io.IOException
public java.util.concurrent.Callable<java.security.cert.X509CRL> addReloadableCrl(java.lang.String crlUrl) throws SSLContextFactory.SSLContextFactoryException, java.net.MalformedURLException, java.io.IOException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws:
SSLContextFactory.SSLContextFactoryException
java.net.MalformedURLException
java.io.IOException
public java.security.cert.CRL loadCrl(java.io.InputStream crlInputStream) throws SSLContextFactory.SSLContextFactoryException
Parameters:
crlInputStream - InputStream containing the CRL to read (this is not closed by this method).
Throws:
SSLContextFactory.SSLContextFactoryException
public java.security.cert.CRL loadCrl(java.lang.String crlUrl) throws SSLContextFactory.SSLContextFactoryException, java.io.IOException, java.net.MalformedURLException
Parameters:
crlUrl - URL of the CRL to fetch.
Throws:
SSLContextFactory.SSLContextFactoryException
java.io.IOException
java.net.MalformedURLException