Platform SDK Java 8.5 API Reference
java.lang.Object
  com.genesyslab.platform.commons.connection.tls.TLSConfiguration
public class TLSConfiguration
Describes TLS configuration options used in Genesys products deployment and supported by PSDK Commons.
WARNING: If only the "tls" option flag is set in a client application configuration, an encrypted connection will be established, but no TLS authentication or certificate validation will be performed.
Example. How to use TLSConfiguration:
TLSConfiguration tlsConfig = new TLSConfiguration();
tlsConfig.setTlsEnabled(true);
tlsConfig.setClientMode(true);
// ...
Endpoint endpoint = new Endpoint(HOST, PORT, connConfig, true,
        tlsConfig.createSslContext(), tlsConfig.createSslExtendedOptions());
UniversalContactServerProtocol ucs = new UniversalContactServerProtocol(endpoint);
ucs.open();
// ...
Note: Only shallow cloning is implemented.
See Also:
TLSConfigurationHelper, TLSConfigurationParser
Field Summary | |
---|---|
static java.lang.String | SSL_VERSION_2_HELLO: SSL version 2 hello. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | SSL_VERSION_3: SSL version 3. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | SSL_VERSION_DEFAULT: SSL version default. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | TLS_PROVIDER_JKS: Predefined value for TLSProvider field. |
static java.lang.String | TLS_PROVIDER_MSCAPI: Predefined value for TLSProvider field. |
static java.lang.String | TLS_PROVIDER_PEM_FILE: Predefined value for TLSProvider field. |
static java.lang.String | TLS_PROVIDER_PKCS11: Predefined value for TLSProvider field. |
static java.lang.String | TLS_VERSION_1: TLS version 1.0. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | TLS_VERSION_1_1: TLS version 1.1. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | TLS_VERSION_1_2: TLS version 1.2. Note: its availability depends on the OS and JVM configuration and version. |
static java.lang.String | TLS_VERSION_DEFAULT: TLS default version (depends on the system and JVM configuration). |
Constructor Summary | |
---|---|
TLSConfiguration() |
Method Summary | |
---|---|
java.lang.Object | clone() |
javax.net.ssl.SSLContext | createSslContext(): Prepares an SSLContext that can then be used to create Endpoints. |
SSLExtendedOptions | createSslExtendedOptions(): Prepares an SSLExtendedOptions instance that can then be used to create Endpoints. |
static java.lang.String | enabledProtocols2sec(java.lang.String enabledProtocols) |
java.lang.String | getCertificate() |
java.lang.String | getCertificateKey() |
java.lang.String | getCipherList(): Gets list of cipher names separated by space character that will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). |
java.lang.String | getCrl() |
java.lang.String | getEnabledProtocols(): Gets list of protocol names separated by space character that can be used. |
java.lang.String | getExpectedHostname() |
javax.security.auth.callback.CallbackHandler | getKeyStoreCallbackHandler() |
javax.security.auth.callback.CallbackHandler | getKeyStoreEntryCallbackHandler(): Gets CallbackHandler instance used to provide password to access key store entry containing key/certificate for this side. |
java.lang.String | getProvider(): Gets the security provider to be used for the key manager and trust manager. |
java.lang.String | getSecProtocol(): This is a virtual property. |
java.lang.String | getTrustedCaCertificate() |
javax.security.auth.callback.CallbackHandler | getTrustStoreCallbackHandler() |
java.lang.String | getVersion(): Gets security protocol that must be used if property isTlsEnabled() returns true. |
boolean | isClientMode() |
boolean | isFips140Enabled() |
boolean | isMutual() |
boolean | isTargetNameCheckEnabled() |
boolean | isTlsEnabled(): Returns TLS usage flag for the connection. True value means that TLS should be started before any protocol communications with server. |
static java.lang.String | sec2EnabledProtocols(java.lang.String secProtocol) |
static java.lang.String | sec2Version(java.lang.String secProtocol) |
void | setCertificate(java.lang.String certificate): Sets path to certificate file for PEM security provider or certificate thumbprint for MSCAPI provider. |
void | setCertificateKey(java.lang.String certificateKey): Sets path to certificate key file. |
void | setCipherList(java.lang.String cipherList): Sets list of cipher names separated by space character that will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites). |
void | setClientMode(boolean clientMode): Sets whether TLS shall be used by client side or by server side of the connection. |
void | setCrl(java.lang.String crl): Sets path to certificate revocation list (CRL) file. |
void | setEnabledProtocols(java.lang.String... enabledProtocolList): Sets the list of enabled protocols, chosen from those supported by the protocol that was set using setVersion(String). |
void | setEnabledProtocols(java.lang.String enabledProtocolList): Sets the list of enabled protocols, chosen from those supported by the protocol that was set using setVersion(String). |
void | setExpectedHostname(java.lang.String expectedHostname): Sets the host name or IP address against which the host name contained in a peer certificate is checked. |
void | setFips140Enabled(boolean fips140Enabled): Sets flag that requests usage of PKCS#11 security provider in FIPS mode. |
void | setKeyStoreCallbackHandler(javax.security.auth.callback.CallbackHandler keyStoreCallbackHandler): Sets CallbackHandler instance used to provide password to access key store containing key/certificate for this side. |
void | setKeyStoreEntryCallbackHandler(javax.security.auth.callback.CallbackHandler keyStoreEntryCallbackHandler): Sets CallbackHandler instance used to provide password to access key store entry containing key/certificate for this side. |
void | setMutual(boolean mutual): Applicable for server application only. |
void | setProvider(java.lang.String provider): Allows explicit setting of the security provider to be used for the key manager and trust manager. |
void | setSecProtocol(java.lang.String value): This is a virtual property. |
void | setTargetNameCheckEnabled(boolean targetNameCheckEnabled): Controls whether peer certificate should be checked for host name match. |
void | setTlsEnabled(boolean tlsEnabled): Sets TLS usage flag for the connection. |
void | setTrustedCaCertificate(java.lang.String trustedCaCertificate): Sets path to CA certificate file. |
void | setTrustStoreCallbackHandler(javax.security.auth.callback.CallbackHandler trustStoreCallbackHandler): Sets CallbackHandler instance used to provide password to access store containing trusted CA certificate. |
void | setVersion(java.lang.String protocol): Sets security protocol that must be used for secured communications. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String TLS_VERSION_DEFAULT
public static final java.lang.String TLS_VERSION_1
public static final java.lang.String TLS_VERSION_1_1
public static final java.lang.String TLS_VERSION_1_2
public static final java.lang.String SSL_VERSION_3
public static final java.lang.String SSL_VERSION_2_HELLO
public static final java.lang.String SSL_VERSION_DEFAULT
public static final java.lang.String TLS_PROVIDER_PEM_FILE
Predefined value for TLSProvider field. Signals that keys and certificates are contained in PEM files and Java built-in security provider should be used.
public static final java.lang.String TLS_PROVIDER_PKCS11
Predefined value for TLSProvider field. Signals that PKCS#11 security provider (e.g. Mozilla NSS) should be used.
public static final java.lang.String TLS_PROVIDER_MSCAPI
Predefined value for TLSProvider field. Signals that MSCAPI security provider (Windows Certificate Services) should be used.
Note: this provider is only available since Java 6 32bit and Java 7 32bit and 64bit.
public static final java.lang.String TLS_PROVIDER_JKS
Predefined value for TLSProvider field. Signals that JKS security provider (native java keystore format) should be used.
Constructor Detail |
---|
public TLSConfiguration()
Method Detail |
---|
public static java.lang.String sec2EnabledProtocols(java.lang.String secProtocol)
public static java.lang.String sec2Version(java.lang.String secProtocol)
public static java.lang.String enabledProtocols2sec(java.lang.String enabledProtocols)
public javax.net.ssl.SSLContext createSslContext()
Throws:
java.lang.SecurityException - if TLS parameters are inconsistent, not valid, or do not match OS/Java configuration.
See Also:
TLSConfigurationParser
public SSLExtendedOptions createSslExtendedOptions()
See Also:
TLSConfigurationParser
public boolean isTlsEnabled()
false.
To control what security protocol should be used, see getVersion().
See Also:
Connection#TLS_KEY = "TLS", AbstractConnectionConfiguration#isTLSEnabled(), AbstractConnectionConfiguration#setTLSEnabled(boolean)
public void setTlsEnabled(boolean tlsEnabled)
Sets TLS usage flag for the connection.
See details in isTlsEnabled().
Parameters:
tlsEnabled - If set to true, TLS shall be started before any protocol communications. If set to false, TLS will not be started immediately but can be started by the protocol if the TLS port upgrade feature is used.
public java.lang.String getProvider()
public void setProvider(java.lang.String provider)
Allows explicit setting of the security provider to be used for the key manager and trust manager.
The security provider can be determined implicitly from the certificate or CA certificate values. For example, setting a file path in TLSCertificate implies the PEM provider, and setting a hexadecimal string implies the MSCAPI provider. In some cases, however, this is not the desired behavior.
Explicit provider setting is useful if the user cannot or does not provide values for the TLSCertificate, TLSTrustedCaCertificate, and/or TLSFips140Enabled fields. For example, the MSCAPI and PKCS#11 providers keep certificates and keys in their internal databases and automatically find suitable ones.
Parameters:
provider - Currently supported values are TLS_PROVIDER_PEM_FILE, TLS_PROVIDER_PKCS11, and TLS_PROVIDER_MSCAPI.
public java.lang.String getCertificate()
public void setCertificate(java.lang.String certificate)
Sets path to certificate file for PEM security provider or certificate thumbprint for MSCAPI provider.
Has no meaning for PKCS#11 provider, since it does not allow explicit certificate selection.
Examples:
// MSCAPI provider: whitespace symbols are okay, they are filtered out
setCertificate("4A 3F E5 08 48 3A 00 71 8E E6 C1 34 56 A4 48 34 55 49 D9 0E");
// PEM provider:
setCertificate("c:/certificates/server-cert.pem");
Parameters:
certificate - For PEM security provider, sets path to an existing file containing certificate in PEM-encoded X.509 format. For MSCAPI security provider, sets hexadecimal thumbprint (SHA1 hash of signed certificate data) used to identify entry in Windows Certificate Services.
public java.lang.String getCertificateKey()
public void setCertificateKey(java.lang.String certificateKey)
Sets path to certificate key file.
Applicable for PEM security provider only. Has no meaning for PKCS#11 and MSCAPI providers. PKCS#11 does not allow explicit selection of certificates and keys. MSCAPI provider keeps key attached to corresponding certificate.
Example:
// PEM provider:
setCertificateKey("c:/certificates/server-cert-key.pem");
Parameters:
certificateKey - For PEM security provider, sets path to an existing file containing private key in PEM-encoded PKCS#8 format.
public java.lang.String getTrustedCaCertificate()
public void setTrustedCaCertificate(java.lang.String trustedCaCertificate)
Sets path to CA certificate file.
Applicable for PEM security provider only. Has no meaning for PKCS#11 and MSCAPI providers. PKCS#11 does not allow explicit selection of CA certificate. MSCAPI provider keeps list of CA certificates and selects one automatically.
Example:
// PEM provider:
setTrustedCaCertificate("c:/certificates/ca-cert.pem");
Parameters:
trustedCaCertificate - For PEM security provider, sets path to file in X.509 PEM format to read CA certificate from.
public boolean isMutual()
public void setMutual(boolean mutual)
Applicable for server application only. Controls whether server will check if clients have valid certificates.
Parameters:
mutual - true - server will require connecting client to present a valid certificate, false - server will not require client certificate.
public java.lang.String getCrl()
public void setCrl(java.lang.String crl)
Sets path to certificate revocation list (CRL) file. Only file-based CRLs in PEM format are supported.
Applicable to all security providers.
Example:
setCrl("c:/certificates/ca-crl.pem");
Parameters:
crl - Path to CRL file in PEM format to read CRL data from. Can be null; in this case the CRL will not be used.
public boolean isTargetNameCheckEnabled()
public void setTargetNameCheckEnabled(boolean targetNameCheckEnabled)
Controls whether peer certificate should be checked for host name match.
Applicable to PEM and MSCAPI providers. PKCS#11 provider does not allow custom certificate validation.
Parameters:
targetNameCheckEnabled - true - host name check will be performed, false - any host name in certificate will be accepted.
See Also:
setExpectedHostname(String)
public java.lang.String getCipherList()
Gets list of cipher names separated by space character that will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites).
Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
Example:
setCipherList("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
Information on cipher names can be found in the Java TM Cryptography Architecture Standard Algorithm Name Documentation.
To retrieve the cipher suites supported for a specified security protocol, you can use the following code:
SSLContext context = SSLContext.getInstance("TLSv1.2");
// The context must be initialized before an engine can be created;
// nulls select the default key managers, trust managers and random source.
context.init(null, null, null);
SSLEngine ssle = context.createSSLEngine();
String[] supportedCipherSuites = ssle.getSupportedCipherSuites();
cipherList - List of cipher names separated by space character.
See Also:
SSLEngine, TLSConfiguration#getProtocol()
public void setCipherList(java.lang.String cipherList)
Sets list of cipher names separated by space character that will be used to calculate enabled cipher suites as an intersection of sets: (cipher suites supported by SSLEngine) x (cipherSuites).
Applicable to all security providers, although exact provider behavior may depend on provider and/or OS configuration.
Example:
setCipherList("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA");
Information on cipher names can be found in the Java TM Cryptography Architecture Standard Algorithm Name Documentation.
To retrieve the cipher suites supported for a specified security protocol, you can use the following code:
SSLContext context = SSLContext.getInstance("TLSv1.2");
// The context must be initialized before an engine can be created;
// nulls select the default key managers, trust managers and random source.
context.init(null, null, null);
SSLEngine ssle = context.createSSLEngine();
String[] supportedCipherSuites = ssle.getSupportedCipherSuites();
Parameters:
cipherList - List of cipher names separated by space character.
See Also:
SSLEngine, TLSConfiguration#getProtocol()
public boolean isFips140Enabled()
public void setFips140Enabled(boolean fips140Enabled)
Sets flag that requests usage of PKCS#11 security provider in FIPS mode.
Parameters:
fips140Enabled - true - implies usage of PKCS11 provider in FIPS mode, false - Platform SDK will throw exception on attempt to use non-PKCS11 provider.
public javax.security.auth.callback.CallbackHandler getKeyStoreCallbackHandler()
public void setKeyStoreCallbackHandler(javax.security.auth.callback.CallbackHandler keyStoreCallbackHandler)
Sets the CallbackHandler instance used to provide the password to access the key store containing the key/certificate for this side.
Must always be provided; cannot be null. Use a DummyCallbackHandler instance if no password is required.
If the same store is used for both key/certificate and trusted CA certificate then the same callback handler can be used.
Example:
setKeyStoreCallbackHandler(new DummyCallbackHandler());
// or,
setKeyStoreCallbackHandler(new CallbackHandler() {
    public void handle(Callback[] callbacks) {
        final char[] password = new char[] {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
        for (Callback c : callbacks) {
            if (c instanceof PasswordCallback) {
                ((PasswordCallback) c).setPassword(password);
            }
        }
    }
});
Parameters:
keyStoreCallbackHandler - CallbackHandler instance for key/certificate key store.
public javax.security.auth.callback.CallbackHandler getTrustStoreCallbackHandler()
public void setTrustStoreCallbackHandler(javax.security.auth.callback.CallbackHandler trustStoreCallbackHandler)
Sets the CallbackHandler instance used to provide the password to access the store containing the trusted CA certificate.
Must always be provided; cannot be null. Use a DummyCallbackHandler instance if no password is required.
If the same store is used for both key/certificate and trusted CA certificate then the same callback handler can be used.
Example:
setTrustStoreCallbackHandler(new DummyCallbackHandler());
// or,
setTrustStoreCallbackHandler(new CallbackHandler() {
    public void handle(Callback[] callbacks) {
        final char[] password = new char[] {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
        for (Callback c : callbacks) {
            if (c instanceof PasswordCallback) {
                ((PasswordCallback) c).setPassword(password);
            }
        }
    }
});
Parameters:
trustStoreCallbackHandler - CallbackHandler instance for trusted CA certificate store.
public java.lang.String getExpectedHostname()
public void setExpectedHostname(java.lang.String expectedHostname)
Sets the host name or IP address against which the host name contained in a peer certificate is checked. The check is performed when "expectedHostname" has a non-null value.
A peer certificate is first checked for an "Alternative Name" extension to get the host name from it. If no such extension is found, the certificate's "Distinguished Name" field is searched for the host name. The resulting certificate host name is matched against expectedHostname. If expectedHostname contains an IP address, a strict char-to-char match is used. If expectedHostname contains a DNS name, wildcards can be used.
Example:
setExpectedHostname("foo.bar.com");
// Wildcards can be used; "foo.bar.com" will match the following patterns:
setExpectedHostname("*.bar.com");
setExpectedHostname("foo.*.com");
// Wildcard can match only one level in domain name.
// "foo.bar.com" will NOT match the following patterns:
setExpectedHostname("*");
setExpectedHostname("*.com");
// IP addresses can be used. They imply exact char-to-char matching:
setExpectedHostname("192.168.1.1");
setExpectedHostname("127.0.0.1");
setExpectedHostname("::");
setExpectedHostname("::ffff:192.168.1.1");
setExpectedHostname("2001:DB8::CAFE");
Parameters:
expectedHostname - DNS name or IP address to match certificate against. Can be null; in this case no check will be performed.
See Also:
setTargetNameCheckEnabled(boolean)
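The matching rules described for setExpectedHostname(String), written out as an added example; this is not Platform SDK code and covers only the matching step, not reading the name from the certificate. The class and method names are hypothetical, and it assumes that only a whole-label "*" acts as a wildcard, that DNS names compare case-insensitively, and that a value containing ':' or four dot-separated numbers is an IP address.

```java
import java.util.Locale;

/** Added illustration of the expectedHostname matching rules; names are hypothetical. */
public class ExpectedHostnameMatch {

    /** Assumption: a ':' or four dot-separated numbers means the value is an IP address. */
    static boolean looksLikeIpAddress(String value) {
        return value.indexOf(':') >= 0 || value.matches("[0-9]+(\\.[0-9]+){3}");
    }

    /**
     * @param expected value that would be passed to setExpectedHostname (may hold "*" labels)
     * @param certName host name taken from the peer certificate
     * @return true if the certificate name is acceptable under the documented rules
     */
    static boolean matches(String expected, String certName) {
        if (expected == null) {
            return true; // documented: null means no check is performed
        }
        if (certName == null || certName.isEmpty()) {
            return false;
        }
        if (looksLikeIpAddress(expected)) {
            // Strict char-to-char comparison: no normalisation of IPv6 case or zero runs.
            return expected.equals(certName);
        }
        String[] pattern = expected.toLowerCase(Locale.ROOT).split("\\.", -1);
        String[] name = certName.toLowerCase(Locale.ROOT).split("\\.", -1);
        if (pattern.length != name.length) {
            return false; // a wildcard covers exactly one level, so depth must agree
        }
        for (int i = 0; i < pattern.length; i++) {
            if (name[i].isEmpty()) {
                return false; // reject empty labels such as "foo..com"
            }
            if (!pattern[i].equals("*") && !pattern[i].equals(name[i])) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample values, following the patterns listed in the documentation.
        String certDns = "foo.bar.com";
        String[] dnsPatterns = {"foo.bar.com", "*.bar.com", "foo.*.com", "*", "*.com"};
        for (String p : dnsPatterns) {
            System.out.printf("%-12s vs %s -> %b%n", p, certDns, matches(p, certDns));
        }
        // Under char-to-char matching, two spellings of one IPv6 address do not match.
        System.out.println(matches("192.168.1.1", "192.168.1.1"));
        System.out.println(matches("2001:DB8::CAFE", "2001:db8::cafe"));
    }
}
```

Under the char-to-char rule, the expected IP address has to be written exactly as it appears in the certificate, including letter case in IPv6 addresses.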
public boolean isClientMode()
public void setClientMode(boolean clientMode)
Sets whether TLS shall be used by the client side or by the server side of the connection. In the end, this setting will be passed to the SSLEngine instance used to support TLS and affects TLS protocol behavior. In particular, this flag defines which side will start TLS negotiation upon connection.
Note: TLSConfigurationParser sets this flag automatically.
Parameters:
clientMode - If set to true, TLS will be configured for client-side behavior; if set to false, for server-side behavior.
See Also:
TLSConfigurationParser
public java.lang.String getVersion()
Gets security protocol that must be used if property isTlsEnabled() returns true.
WARNING: this property does not guarantee that exactly the specified protocol will be used.
See details at setVersion(String).
See Also:
AbstractConnectionConfiguration.getTLSVersion()
public void setVersion(java.lang.String protocol)
Sets security protocol that must be used for secured communications.
Information on protocol names can be found in the Java TM Cryptography Architecture Standard Algorithm Name Documentation.
You can use the predefined constants: TLS_VERSION_DEFAULT; TLS_VERSION_1; TLS_VERSION_1_1; TLS_VERSION_1_2; SSL_VERSION_DEFAULT; SSL_VERSION_2_HELLO; SSL_VERSION_3.
If this property is set to null, the "TLS" value will be used, i.e. a default TLS version will be chosen by the security provider.
WARNING: "TLSv1.2" is the default TLS version since Java 8. In earlier Java versions the default TLS version is "TLSv1".
WARNING: this property does not guarantee that exactly the specified protocol will be used, because a protocol implementation can support other protocols (for example, earlier versions) and allow them to be used. Use setEnabledProtocols(String) to control which protocols can be used.
To retrieve the list of protocols supported by an implementation, you can use the following code:
SSLContext context = SSLContext.getInstance("TLSv1.2");
// The context is initialized here only so that an engine can be created for enumeration.
context.init(
        new KeyManager[]{KeyManagerHelper.createEmptyKeyManager()},
        new TrustManager[]{TrustManagerHelper.createTrustEveryoneTrustManager()},
        new SecureRandom());
SSLEngine ssle = context.createSSLEngine();
String[] supportedProtocols = ssle.getSupportedProtocols();
INFO: On JDK7 the "TLSv1.2" protocol implementation supports: "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2".
NOTE: TLSv1.2 is available by default since Java 7. It can be made available in earlier Java versions on Windows using the Java control panel, in the "advanced" tab, by checking the option "use TLS 1.2".
This property is used for SSLContext creation in the following way:
SSLContext.getInstance(getVersion())
Information on JDK security providers (that provide security protocols) can be found in the JCA Oracle Providers Documentation.
The set of available security protocols depends on the security providers that provide them, and these security providers are defined in the "{JDK}\jre\lib\security\java.security" file. You can change their priority (order) or add/remove providers.
Parameters:
protocol - security protocol name.
public java.lang.String getEnabledProtocols()
Gets list of protocol names separated by space character that can be used.
See details at setEnabledProtocols(String).
See Also:
SSLEngine
public void setEnabledProtocols(java.lang.String enabledProtocolList)
Sets the list of enabled protocols, chosen from those supported by the protocol that was set using setVersion(String).
Most security protocols allow earlier versions of the protocol to be used, and this method is provided to limit the list of protocols that can be used.
For example, on Java 7 the protocol "TLSv1.2" allows the following protocols to be used: "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2".
Example:
setEnabledProtocols("TLSv1 TLSv1.1 TLSv1.2");
Information on protocol names can be found in the Java TM Cryptography Architecture Standard Algorithm Name Documentation for J2SE 8.
To retrieve the protocols supported for a specified security protocol, you can use the following code:
SSLContext context = SSLContext.getInstance("TLSv1.2");
// The context is initialized here only so that an engine can be created for enumeration.
context.init(
        new KeyManager[]{KeyManagerHelper.createEmptyKeyManager()},
        new TrustManager[]{TrustManagerHelper.createTrustEveryoneTrustManager()},
        new SecureRandom());
SSLEngine ssle = context.createSSLEngine();
String[] supportedProtocols = ssle.getSupportedProtocols();
Parameters:
enabledProtocolList - List of protocol names separated by space character.
See Also:
SSLEngine
public void setEnabledProtocols(java.lang.String... enabledProtocolList)
Sets the list of enabled protocols, chosen from those supported by the protocol that was set using setVersion(String).
Most security protocols allow earlier versions of the protocol to be used, and this method is provided to limit the list of protocols that can be used.
For example, on Java 7 the protocol "TLSv1.2" allows the following protocols to be used: "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2".
Example:
setEnabledProtocols("TLSv1","TLSv1.1","TLSv1.2");
Information on protocol names can be found in the Java TM Cryptography Architecture Standard Algorithm Name Documentation for J2SE 8.
To retrieve the protocols supported for a specified security protocol, you can use the following code:
SSLContext context = SSLContext.getInstance("TLSv1.2");
// The context is initialized here only so that an engine can be created for enumeration.
context.init(
        new KeyManager[]{KeyManagerHelper.createEmptyKeyManager()},
        new TrustManager[]{TrustManagerHelper.createTrustEveryoneTrustManager()},
        new SecureRandom());
SSLEngine ssle = context.createSSLEngine();
String[] supportedProtocols = ssle.getSupportedProtocols();
Parameters:
enabledProtocolList - List of protocol names.
See Also:
SSLEngine
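The intersection described for setCipherList(String) and the protocol restriction described for setEnabledProtocols(String), shown directly on a JDK SSLEngine as an added example. It is not Platform SDK code; the class and method names and the sample lists are constructed for illustration.

```java
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/** Added illustration: (names supported by SSLEngine) x (requested names). */
public class EnabledSetsDemo {

    /** Returns the requested space-separated names that the engine supports, in requested order. */
    static String[] intersect(String requested, String[] supported) {
        Set<String> supportedSet = new HashSet<>(Arrays.asList(supported));
        List<String> kept = new ArrayList<>();
        for (String name : requested.trim().split("\\s+")) {
            if (supportedSet.contains(name) && !kept.contains(name)) {
                kept.add(name);
            }
        }
        return kept.toArray(new String[0]);
    }

    /** Creates an engine for the given version and narrows its protocols and cipher suites. */
    static SSLEngine restrictedEngine(String version, String protocols, String ciphers)
            throws GeneralSecurityException {
        SSLContext context = SSLContext.getInstance(version);
        context.init(null, null, null); // JVM default key managers, trust managers, random
        SSLEngine engine = context.createSSLEngine();

        String[] enabledProtocols = intersect(protocols, engine.getSupportedProtocols());
        String[] enabledCiphers = intersect(ciphers, engine.getSupportedCipherSuites());
        if (enabledProtocols.length == 0 || enabledCiphers.length == 0) {
            // Fail at configuration time instead of at the first handshake.
            throw new IllegalStateException("No requested protocol or cipher suite is supported");
        }
        engine.setEnabledProtocols(enabledProtocols);
        engine.setEnabledCipherSuites(enabledCiphers);
        return engine;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Before restriction: what a "TLSv1.2" context supports on this JVM.
        SSLContext plain = SSLContext.getInstance("TLSv1.2");
        plain.init(null, null, null);
        System.out.println("supported protocols: "
                + Arrays.toString(plain.createSSLEngine().getSupportedProtocols()));

        // Constructed request lists; the last entry of each is deliberately not a real name.
        SSLEngine engine = restrictedEngine(
                "TLSv1.2",
                "TLSv1.2 TLSv9.9",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 "
                        + "NOT_A_REAL_SUITE");
        System.out.println("enabled protocols:   " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("enabled suites:      " + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

Names that the running JVM does not support drop out of the result, so the same requested list can yield different enabled sets on different Java versions.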
public java.lang.String getSecProtocol()
public void setSecProtocol(java.lang.String value)
Parameters:
value - supported values: "SSLv23", "SSLv3", "TLSv1", "TLSv11", "TLSv12".
Throws:
java.lang.IllegalArgumentException - if an unsupported value is passed as the argument.
public java.lang.Object clone()
Overrides:
clone in class java.lang.Object
public javax.security.auth.callback.CallbackHandler getKeyStoreEntryCallbackHandler()
Gets the CallbackHandler instance used to provide the password to access the key store entry containing the key/certificate for this side.
NOTE: if it isn't assigned (is null) then getKeyStoreCallbackHandler() is used.
CallbackHandler instance used to provide password to access key store entry containing key/certificate for this side.
public void setKeyStoreEntryCallbackHandler(javax.security.auth.callback.CallbackHandler keyStoreEntryCallbackHandler)
Sets the CallbackHandler instance used to provide the password to access the key store entry containing the key/certificate for this side.
NOTE: if it isn't assigned (is null) then getKeyStoreCallbackHandler() is used.
If the same store is used for both key/certificate and trusted CA certificate then the same callback handler can be used.
Example:
setKeyStoreEntryCallbackHandler(new DummyCallbackHandler());
// or,
setKeyStoreEntryCallbackHandler(new CallbackHandler() {
    public void handle(Callback[] callbacks) {
        final char[] password = new char[] {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
        for (Callback c : callbacks) {
            if (c instanceof PasswordCallback) {
                ((PasswordCallback) c).setPassword(password);
            }
        }
    }
});
Parameters:
keyStoreEntryCallbackHandler - CallbackHandler instance for key/certificate key store entry.