Platform SDK Java 8.5 API Reference
java.lang.Object
  com.genesyslab.platform.commons.connection.tls.SSLContextHelper
public class SSLContextHelper
Helper class that provides methods for easy creation and configuration of SSLContext and SSLEngine instances.
See also: KeyManagerHelper, TrustManagerHelper
Constructor Summary | |
---|---|
SSLContextHelper() |
Method Summary | |
---|---|
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom) Extended helper method for SSLContext creation. |
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion) Extended helper method for SSLContext creation. |
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager keyManager, javax.net.ssl.TrustManager trustManager) Simplified helper method for SSLContext creation. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites) Creates a container with additional TLS/SSL options that can not be set directly to SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites) Creates a container with additional TLS/SSL options that can not be set directly to SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites, java.lang.String[] enabledProtocols) Creates a container with additional TLS/SSL options that can not be set directly to SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites, java.lang.String enabledProtocols) Creates a container with additional TLS/SSL options that can not be set directly to SSLContext. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SSLContextHelper()
Method Detail |
---|
public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion) throws java.security.GeneralSecurityException
keyManagers - KeyManager instances to be used. User can provide any KeyManagers besides those created using PSDK helpers. Can be null - Java will create and use default KeyManagers
trustManagers - TrustManager instances to be used. User can provide any TrustManagers besides those created using PSDK helpers. Can be null - Java will create and use default TrustManagers
secureRandom - SecureRandom instance, just in case it is needed to use specific one. Can be null - Java will create and use default instance.
tlsVersion - a TLS version which should be used in SSLContext.
TLSConfiguration.TLS_VERSION_DEFAULT will be used.
TLSConfiguration.TLS_VERSION_1, TLSConfiguration.TLS_VERSION_1_1, TLSConfiguration.TLS_VERSION_1_2.
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom) throws java.security.GeneralSecurityException
keyManagers - KeyManager instances to be used. User can provide any KeyManagers besides those created using PSDK helpers. Can be null - Java will create and use default KeyManagers
trustManagers - TrustManager instances to be used. User can provide any TrustManagers besides those created using PSDK helpers. Can be null - Java will create and use default TrustManagers
secureRandom - SecureRandom instance, just in case it is needed to use specific one. Can be null - Java will create and use default instance.
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager keyManager, javax.net.ssl.TrustManager trustManager) throws java.security.GeneralSecurityException
keyManager - KeyManager instance. Can be one created using KeyManagerHelper or any other one. Can be null - Java will create and use default KeyManagers.
trustManager - TrustManager instance. Can be one created using TrustManagerHelper or any other one. Can be null - Java will create and use default TrustManagers.
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites)
Creates a container with additional TLS/SSL options that can not be set directly to SSLContext.
Example:
    final boolean mutualTLS = true;
    final String[] ciphers = new String[] {
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
    SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - Array of cipher names. Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
SSLEngine
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites, java.lang.String[] enabledProtocols)
Creates a container with additional TLS/SSL options that can not be set directly to SSLContext.
Example:
    final boolean mutualTLS = true;
    final String[] ciphers = new String[] {
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
    final String[] protocols = new String[] {
        "SSLv3",
        TLSConfiguration.TLS_VERSION_1, // "TLSv1"
        TLSConfiguration.TLS_VERSION_1_1, // "TLSv1.1"
        TLSConfiguration.TLS_VERSION_1_2, // "TLSv1.2"
    };
    // Pass the protocols array too, so the three-argument overload is the one called
    SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - Array of cipher names. Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
SSLEngine
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites)
Creates a container with additional TLS/SSL options that can not be set directly to SSLContext.
Example:
    final boolean mutualTLS = true;
    final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
    SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - Array of cipher names. Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
enabledProtocols - Array of protocol names. Will be used to calculate enabled protocols as an intersection of sets: (protocols supported by SSLEngine) x (enabledProtocols). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
SSLEngine
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites, java.lang.String enabledProtocols)
Creates a container with additional TLS/SSL options that can not be set directly to SSLContext.
Example:
    final boolean mutualTLS = true;
    final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
    final String protocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2";
    SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - List of cipher names separated with SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR (currently space character is used). Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
enabledProtocols - List of protocol names separated with SSLExtendedOptions.PROTOCOL_LIST_SEPARATOR_CHAR (currently space character is used). Will be used to calculate enabled protocols as an intersection of sets: (protocols supported by SSLEngine) x (enabledProtocols). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
SSLEngine
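The intersection rule described for enabledCipherSuites and enabledProtocols, reproduced with plain JSSE calls as an added example (not Genesys code and not part of the original reference). The class name, the `intersect` and `require` helpers and the stricter request lists are assumptions made here; how PSDK applies the options internally is not shown on this page.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class EnabledSetIntersection {
    // (names supported by the engine) x (requested names), kept in request order.
    static String[] intersect(String[] supported, String requested) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> kept = new ArrayList<>();
        for (String name : requested.trim().split("\\s+")) {
            if (supportedList.contains(name) && !kept.contains(name)) {
                kept.add(name);
            }
        }
        return kept.toArray(new String[0]);
    }

    // Fail at configuration time: an empty set would only surface later as handshake failures.
    static String[] require(String what, String[] names) {
        if (names.length == 0) {
            throw new IllegalStateException("no requested " + what + " is supported by this SSLEngine");
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // nulls: JVM default KeyManagers, TrustManagers, SecureRandom
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false); // server side, the only side where mutualTLS applies

        // Protocol list from the page's example: shows which of its names this JVM supports.
        String pageProtocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2";
        System.out.println("page list kept:    "
                + Arrays.toString(intersect(engine.getSupportedProtocols(), pageProtocols)));

        // Constructed stricter request (an assumption of this example, not a PSDK default).
        String protocols = "TLSv1.2";
        String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
        engine.setEnabledProtocols(require("protocol", intersect(engine.getSupportedProtocols(), protocols)));
        engine.setEnabledCipherSuites(require("cipher suite", intersect(engine.getSupportedCipherSuites(), ciphers)));
        engine.setNeedClientAuth(true); // JSSE setting matching the described mutualTLS = true
        System.out.println("enabled protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("enabled suites:    " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

A name that survives the intersection can still be refused during the handshake if the JVM's `jdk.tls.disabledAlgorithms` security property lists it, which is one form of the provider-dependent behavior the parameter descriptions mention.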