Platform SDK Java 8.5 API Reference

com.genesyslab.platform.commons.connection.tls
Class SSLContextHelper

java.lang.Object
  extended by com.genesyslab.platform.commons.connection.tls.SSLContextHelper

public class SSLContextHelper
extends java.lang.Object

Helper class that provides methods for easy creation and configuration of SSLContext and SSLEngine instances.

See Also:
KeyManagerHelper, TrustManagerHelper

Constructor Summary
SSLContextHelper()
           
 
Method Summary
static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom)
          Extended helper method for SSLContext creation.
static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion)
          Extended helper method for SSLContext creation.
static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager keyManager, javax.net.ssl.TrustManager trustManager)
          Simplified helper method for SSLContext creation.
static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites)
          Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.
static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites)
          Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.
static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites, java.lang.String[] enabledProtocols)
          Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.
static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites, java.lang.String enabledProtocols)
          Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSLContextHelper

public SSLContextHelper()
Method Detail

createSSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers,
                                                        javax.net.ssl.TrustManager[] trustManagers,
                                                        java.security.SecureRandom secureRandom,
                                                        java.lang.String tlsVersion)
                                                 throws java.security.GeneralSecurityException
Extended helper method for SSLContext creation.

Parameters:
keyManagers - KeyManager instances to be used. User can provide any KeyManagers besides those created using PSDK helpers. Can be null - Java will create and use default KeyManagers
trustManagers - TrustManager instances to be used. User can provide any TrustManagers besides those created using PSDK helpers. Can be null - Java will create and use default TrustManagers
secureRandom - SecureRandom instance, in case a specific one must be used. Can be null - Java will create and use default instance.
tlsVersion - the TLS version to be used in SSLContext.
If it is null then TLSConfiguration.TLS_VERSION_DEFAULT will be used.
You can use one of the predefined constants
TLSConfiguration.TLS_VERSION_1,
TLSConfiguration.TLS_VERSION_1_1,
TLSConfiguration.TLS_VERSION_1_2.
Note: availability of a TLS version depends on the system and on the JVM configuration and version.
Returns:
Configured SSLContext
Throws:
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

createSSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers,
                                                        javax.net.ssl.TrustManager[] trustManagers,
                                                        java.security.SecureRandom secureRandom)
                                                 throws java.security.GeneralSecurityException
Extended helper method for SSLContext creation.

Parameters:
keyManagers - KeyManager instances to be used. User can provide any KeyManagers besides those created using PSDK helpers. Can be null - Java will create and use default KeyManagers
trustManagers - TrustManager instances to be used. User can provide any TrustManagers besides those created using PSDK helpers. Can be null - Java will create and use default TrustManagers
secureRandom - SecureRandom instance, in case a specific one must be used. Can be null - Java will create and use default instance.
Returns:
Configured SSLContext
Throws:
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

createSSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager keyManager,
                                                        javax.net.ssl.TrustManager trustManager)
                                                 throws java.security.GeneralSecurityException
Simplified helper method for SSLContext creation.

Parameters:
keyManager - KeyManager instance. Can be one created using KeyManagerHelper or any other one. Can be null - Java will create and use default KeyManagers.
trustManager - TrustManager instance. Can be one created using TrustManagerHelper or any other one. Can be null - Java will create and use default TrustManagers.
Returns:
Configured SSLContext
Throws:
java.security.GeneralSecurityException - If there are problems creating/configuring SSLContext

createSSLExtendedOptions

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS,
                                                          java.lang.String[] enabledCipherSuites)
Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

     final boolean mutualTLS = true;
     final String[] ciphers = new String[] {
             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
     SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
 

Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - Array of cipher names. Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
Returns:
SSLExtendedOptions instance containing provided options.
See Also:
SSLEngine

createSSLExtendedOptions

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS,
                                                          java.lang.String[] enabledCipherSuites,
                                                          java.lang.String[] enabledProtocols)
Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

     final boolean mutualTLS = true;
     final String[] ciphers = new String[] {
             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
             "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
     final String[] protocols = new String[] {
             "SSLv3",
             TLSConfiguration.TLS_VERSION_1, // "TLSv1"
             TLSConfiguration.TLS_VERSION_1_1, // "TLSv1.1"
             TLSConfiguration.TLS_VERSION_1_2, // "TLSv1.2"
             };
     SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
 

Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
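enabledCipherSuites - Array of cipher names. Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
enabledProtocols - Array of protocol names. Will be used to calculate enabled protocols as an intersection of sets: (protocols supported by SSLEngine) x (enabledProtocols). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.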
Returns:
SSLExtendedOptions instance containing provided options.
See Also:
SSLEngine

createSSLExtendedOptions

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS,
                                                          java.lang.String enabledCipherSuites)
Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

     final boolean mutualTLS = true;
     final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
     SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
 

Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - List of cipher names separated with SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR (currently space character is used). Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
Returns:
SSLExtendedOptions instance containing provided options.
See Also:
SSLEngine

createSSLExtendedOptions

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS,
                                                          java.lang.String enabledCipherSuites,
                                                          java.lang.String enabledProtocols)
Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

     final boolean mutualTLS = true;
     final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
             "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
     final String protocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2";
     SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
 

Information on cipher names can be found in Java™ Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only for server side, meaningless for client side. If set to true, then SSLEngine will require client side to present certificates, if false - will not.
enabledCipherSuites - List of cipher names separated with SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR (currently space character is used). Will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
enabledProtocols - List of protocol names separated with SSLExtendedOptions.PROTOCOL_LIST_SEPARATOR_CHAR (currently space character is used). Will be used to calculate enabled protocols as an intersection of sets: (protocols supported by SSLEngine) x (enabledProtocols). Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
Returns:
SSLExtendedOptions instance containing provided options.
See Also:
SSLEngine
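
Because enabled cipher suites and protocols are computed as an intersection with what SSLEngine supports, a misspelled or unsupported name is dropped from the enabled set. The following added example (not part of the Genesys documentation; the class TlsOptionsPreflight and its methods are hypothetical) uses only standard JSSE calls to show which requested names survive on the local JVM before they are passed to createSSLExtendedOptions. It does not call Platform SDK and assumes the helper applies the intersection as described above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added example; TlsOptionsPreflight and its methods are hypothetical names.
public class TlsOptionsPreflight {

    // Requested names that the engine also supports, in the order requested.
    static List<String> intersect(String[] requested, String[] supported) {
        Set<String> have = new HashSet<>(Arrays.asList(supported));
        List<String> kept = new ArrayList<>();
        for (String name : requested) {
            if (have.contains(name)) {
                kept.add(name);
            }
        }
        return kept;
    }

    // Prints one line per requested name and fails if nothing survives.
    static void report(String kind, String[] requested, List<String> kept) {
        for (String name : requested) {
            System.out.println((kept.contains(name) ? "kept     " : "dropped  ") + kind + " " + name);
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no requested " + kind + " is supported by this JVM");
        }
    }

    public static void main(String[] args) throws Exception {
        // Plain JSSE context; null arguments select the JVM's default managers and RNG.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);
        SSLEngine engine = ctx.createSSLEngine();

        // Constructed input: the space-separated lists from the examples on this page.
        String[] ciphers = ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA "
                + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA").split(" ");
        String[] protocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2".split(" ");

        report("cipher suite", ciphers, intersect(ciphers, engine.getSupportedCipherSuites()));
        report("protocol", protocols, intersect(protocols, engine.getSupportedProtocols()));
    }
}
```

A name reported as kept is only supported by the provider; the JVM's jdk.tls.disabledAlgorithms security property can still refuse it during the handshake.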

Document version: 8.5.302.00
Copyright © 2006–2017 Genesys Telecommunications Laboratories, Inc. All rights reserved.