public class SSLContextHelper
extends java.lang.Object

See Also:
KeyManagerHelper, TrustManagerHelper
Constructor | Description |
---|---|
SSLContextHelper() | |
Modifier and Type | Method | Description |
---|---|---|
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom) | Extended helper method for SSLContext creation. |
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion) | Extended helper method for SSLContext creation. |
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion, java.lang.String sslContextProvider) | Extended helper method for SSLContext creation. |
static javax.net.ssl.SSLContext | createSSLContext(javax.net.ssl.KeyManager keyManager, javax.net.ssl.TrustManager trustManager) | Simplified helper method for SSLContext creation. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites) | Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites) | Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites, java.lang.String[] enabledProtocols) | Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext. |
static SSLExtendedOptions | createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites, java.lang.String enabledProtocols) | Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext. |
public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion, java.lang.String sslContextProvider) throws java.security.GeneralSecurityException

Extended helper method for SSLContext creation.

Parameters:
keyManagers - KeyManager instances to be used. The user can provide any KeyManagers besides those created using PSDK helpers. Can be null; Java will then create and use default KeyManagers.
trustManagers - TrustManager instances to be used. The user can provide any TrustManagers besides those created using PSDK helpers. Can be null; Java will then create and use default TrustManagers.
secureRandom - SecureRandom instance, in case a specific one is needed. Can be null; Java will then create and use the default instance.
tlsVersion - the TLS version which should be used in the SSLContext. If null, TLSConfiguration.TLS_VERSION_DEFAULT will be used. Possible values: TLSConfiguration.TLS_VERSION_1, TLSConfiguration.TLS_VERSION_1_1, TLSConfiguration.TLS_VERSION_1_2.
sslContextProvider - name of the JCA security provider. Its default value is null, which means that the provider is chosen according to the priority order specified in the java.security file.

Throws:
java.security.GeneralSecurityException - if there are problems creating/configuring the SSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom, java.lang.String tlsVersion) throws java.security.GeneralSecurityException

Extended helper method for SSLContext creation.

Parameters:
keyManagers - KeyManager instances to be used. The user can provide any KeyManagers besides those created using PSDK helpers. Can be null; Java will then create and use default KeyManagers.
trustManagers - TrustManager instances to be used. The user can provide any TrustManagers besides those created using PSDK helpers. Can be null; Java will then create and use default TrustManagers.
secureRandom - SecureRandom instance, in case a specific one is needed. Can be null; Java will then create and use the default instance.
tlsVersion - the TLS version which should be used in the SSLContext. If null, TLSConfiguration.TLS_VERSION_DEFAULT will be used. Possible values: TLSConfiguration.TLS_VERSION_1, TLSConfiguration.TLS_VERSION_1_1, TLSConfiguration.TLS_VERSION_1_2.

Throws:
java.security.GeneralSecurityException - if there are problems creating/configuring the SSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom secureRandom) throws java.security.GeneralSecurityException

Extended helper method for SSLContext creation.

Parameters:
keyManagers - KeyManager instances to be used. The user can provide any KeyManagers besides those created using PSDK helpers. Can be null; Java will then create and use default KeyManagers.
trustManagers - TrustManager instances to be used. The user can provide any TrustManagers besides those created using PSDK helpers. Can be null; Java will then create and use default TrustManagers.
secureRandom - SecureRandom instance, in case a specific one is needed. Can be null; Java will then create and use the default instance.

Throws:
java.security.GeneralSecurityException - if there are problems creating/configuring the SSLContext

public static javax.net.ssl.SSLContext createSSLContext(javax.net.ssl.KeyManager keyManager, javax.net.ssl.TrustManager trustManager) throws java.security.GeneralSecurityException

Simplified helper method for SSLContext creation.

Parameters:
keyManager - KeyManager instance. Can be one created using KeyManagerHelper or any other one. Can be null; Java will then create and use default KeyManagers.
trustManager - TrustManager instance. Can be one created using TrustManagerHelper or any other one. Can be null; Java will then create and use default TrustManagers.

Throws:
java.security.GeneralSecurityException - if there are problems creating/configuring the SSLContext

public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites)

Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

```java
final boolean mutualTLS = true;
final String[] ciphers = new String[] {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
```

Information on cipher names can be found in the Java Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only on the server side, meaningless for the client side. If set to true, the SSLEngine will require the client side to present certificates; if false, it will not.
enabledCipherSuites - Array of cipher names. Used to calculate the enabled cipher suites as the intersection of sets: (cipher suites supported by SSLEngine) ∩ (enabledCipherSuites). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.

See Also:
SSLEngine
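The "supported ∩ requested" rule stated for enabledCipherSuites (and, in the overloads below, for enabledProtocols) has a practical consequence: a misspelled suite name or a protocol the JRE no longer ships simply disappears from the effective set without any error. The following added example is not PSDK code; it reproduces the same intersection with plain JSSE calls on an SSLEngine, reports which requested names were dropped, and fails closed if either set ends up empty. The request lists are constructed for the demonstration and include one deliberately misspelled suite.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

/**
 * Added example (not PSDK code): reproduces the "supported ∩ requested" rule from the
 * SSLContextHelper documentation with the JSSE API and verifies the outcome.
 */
public class EffectiveTlsSetCheck {

    /** Returns the requested names the engine actually supports, in requested order. */
    static Set<String> intersect(String[] supported, String[] requested) {
        Set<String> supportedSet = new HashSet<>(Arrays.asList(supported));
        Set<String> effective = new LinkedHashSet<>();
        for (String name : requested) {
            if (supportedSet.contains(name)) {
                effective.add(name);
            }
        }
        return effective;
    }

    /** Returns the requested names that were silently dropped (typos, unsupported names). */
    static Set<String> dropped(String[] requested, Set<String> effective) {
        Set<String> missing = new LinkedHashSet<>(Arrays.asList(requested));
        missing.removeAll(effective);
        return missing;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default managers suffice to inspect the support lists
        SSLEngine engine = ctx.createSSLEngine();

        // Constructed request lists: a legacy protocol, two real suites, one misspelled suite.
        String[] requestedProtocols = { "SSLv3", "TLSv1.2" };
        String[] requestedCiphers = {
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25"   // deliberate typo: will be dropped
        };

        Set<String> protocols = intersect(engine.getSupportedProtocols(), requestedProtocols);
        Set<String> ciphers = intersect(engine.getSupportedCipherSuites(), requestedCiphers);

        System.out.println("effective protocols: " + protocols
                + " (dropped: " + dropped(requestedProtocols, protocols) + ")");
        System.out.println("effective cipher suites: " + ciphers
                + " (dropped: " + dropped(requestedCiphers, ciphers) + ")");

        // Fail closed: an empty intersection would leave the engine with nothing usable.
        if (protocols.isEmpty() || ciphers.isEmpty()) {
            throw new IllegalStateException("TLS configuration intersects to an empty set");
        }

        // "Supported" is not "allowed": a name such as SSLv3 may appear in the supported list
        // yet be blocked by jdk.tls.disabledAlgorithms in java.security, so it never negotiates.
        engine.setEnabledProtocols(protocols.toArray(new String[0]));
        engine.setEnabledCipherSuites(ciphers.toArray(new String[0]));
    }
}
```

Running this once against the JRE you deploy on, and logging the dropped set, turns a silent configuration drift into something a reviewer can see.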
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String[] enabledCipherSuites, java.lang.String[] enabledProtocols)

Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

```java
final boolean mutualTLS = true;
final String[] ciphers = new String[] {
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"};
final String[] protocols = new String[] {
    "SSLv3",
    TLSConfiguration.TLS_VERSION_1,   // "TLSv1"
    TLSConfiguration.TLS_VERSION_1_1, // "TLSv1.1"
    TLSConfiguration.TLS_VERSION_1_2, // "TLSv1.2"
};
SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
```

Information on cipher names can be found in the Java Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only on the server side, meaningless for the client side. If set to true, the SSLEngine will require the client side to present certificates; if false, it will not.
enabledCipherSuites - Array of cipher names. Used to calculate the enabled cipher suites as the intersection of sets: (cipher suites supported by SSLEngine) ∩ (enabledCipherSuites). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.
enabledProtocols - Array of protocol names. Used to calculate the enabled protocols as the intersection of sets: (protocols supported by SSLEngine) ∩ (enabledProtocols). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.

See Also:
SSLEngine
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites)

Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

```java
final boolean mutualTLS = true;
final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
    "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers);
```

Information on cipher names can be found in the Java Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only on the server side, meaningless for the client side. If set to true, the SSLEngine will require the client side to present certificates; if false, it will not.
enabledCipherSuites - List of cipher names separated with SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR (currently the space character is used). Used to calculate the enabled cipher suites as the intersection of sets: (cipher suites supported by SSLEngine) ∩ (enabledCipherSuites). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.

See Also:
SSLEngine
public static SSLExtendedOptions createSSLExtendedOptions(boolean mutualTLS, java.lang.String enabledCipherSuites, java.lang.String enabledProtocols)

Creates a container with additional TLS/SSL options that cannot be set directly on SSLContext.

Example:

```java
final boolean mutualTLS = true;
final String ciphers = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA " +
    "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
final String protocols = "SSLv3 TLSv1 TLSv1.1 TLSv1.2";
SSLExtendedOptions sslOpts = createSSLExtendedOptions(mutualTLS, ciphers, protocols);
```

Information on cipher names can be found in the Java Cryptography Architecture Standard Algorithm Name Documentation.

Parameters:
mutualTLS - Used only on the server side, meaningless for the client side. If set to true, the SSLEngine will require the client side to present certificates; if false, it will not.
enabledCipherSuites - List of cipher names separated with SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR (currently the space character is used). Used to calculate the enabled cipher suites as the intersection of sets: (cipher suites supported by SSLEngine) ∩ (enabledCipherSuites). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.
enabledProtocols - List of protocol names separated with SSLExtendedOptions.PROTOCOL_LIST_SEPARATOR_CHAR (currently the space character is used). Used to calculate the enabled protocols as the intersection of sets: (protocols supported by SSLEngine) ∩ (enabledProtocols). Applicable to all security providers, although exact behavior may depend on the provider and/or OS configuration.

See Also:
SSLEngine
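The createSSLContext overloads accept null managers and fall back to the JRE defaults, and the createSSLExtendedOptions overloads accept separator-joined strings. The following added example (not PSDK code) puts the two together the way a server deployment would: it loads its own key and trust stores, hands explicit KeyManager[] and TrustManager[] arrays to createSSLContext with the TLS version pinned to TLSConfiguration.TLS_VERSION_1_2, and builds SSLExtendedOptions that require client certificates and restrict the cipher list to AEAD suites. Assumptions: the PSDK classes live in the package com.genesyslab.platform.commons.connection.tls (check this against your PSDK jar), the store paths and passwords are placeholders, and the TLS_VERSION_* constants are Strings as the examples on this page imply.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// ASSUMPTION: package of the PSDK TLS helpers; verify against the PSDK version you build with.
import com.genesyslab.platform.commons.connection.tls.SSLContextHelper;
import com.genesyslab.platform.commons.connection.tls.SSLExtendedOptions;
import com.genesyslab.platform.commons.connection.tls.TLSConfiguration;

/**
 * Added example (not PSDK code): builds an SSLContext through SSLContextHelper with explicit
 * key and trust material and a pinned TLS version, then the matching SSLExtendedOptions.
 */
public class PinnedServerTls {

    /** Loads a PKCS12 store from disk. */
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            store.load(in, password);
        }
        return store;
    }

    /**
     * Passing our own TrustManagers instead of null means peers are checked against this
     * truststore only, not against whatever the JRE default cacerts happens to contain.
     */
    public static SSLContext buildContext(String keyStorePath, char[] keyStorePassword,
                                          String trustStorePath, char[] trustStorePassword)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadStore(keyStorePath, keyStorePassword), keyStorePassword);
        KeyManager[] keyManagers = kmf.getKeyManagers();

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadStore(trustStorePath, trustStorePassword));
        TrustManager[] trustManagers = tmf.getTrustManagers();

        // Pin TLS 1.2 instead of relying on TLS_VERSION_DEFAULT; a null provider name lets the
        // JCA pick the provider by the priority order in java.security.
        return SSLContextHelper.createSSLContext(keyManagers, trustManagers, new SecureRandom(),
                TLSConfiguration.TLS_VERSION_1_2, null);
    }

    /** Server-side options: client certificates required, AEAD suites only, TLS 1.2 only. */
    public static SSLExtendedOptions buildServerOptions() {
        final boolean mutualTLS = true;
        // Join with the separator the class defines rather than hard-coding a space.
        final String separator = String.valueOf(SSLExtendedOptions.CIPHER_LIST_SEPARATOR_CHAR);
        final String ciphers = String.join(separator,
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        final String protocols = TLSConfiguration.TLS_VERSION_1_2; // "TLSv1.2"
        return SSLContextHelper.createSSLExtendedOptions(mutualTLS, ciphers, protocols);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder paths and passwords; replace with your deployment's values.
        char[] keyPass = "placeholder-key-password".toCharArray();
        char[] trustPass = "placeholder-trust-password".toCharArray();
        SSLContext ctx = buildContext("/path/to/server-keystore.p12", keyPass,
                                      "/path/to/truststore.p12", trustPass);
        SSLExtendedOptions opts = buildServerOptions();
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
        System.out.println("SSLExtendedOptions created: " + (opts != null));
    }
}
```

How the resulting SSLContext and SSLExtendedOptions are attached to a PSDK connection is outside the scope of this page; the point here is that the trust anchors, the protocol version and the cipher list are all chosen explicitly rather than inherited from JRE defaults.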
Document version: 9.0.006.00
Copyright © 2006–2019 Genesys Telecommunications Laboratories, Inc. All rights reserved.