SSLContextContainer (Tigase XMPP Server Distribution Builder 8.0.0-RC1 API)

java.lang.Object
- tigase.io.SSLContextContainerAbstract
- - tigase.io.SSLContextContainer

All Implemented Interfaces:: SSLContextContainerIfc, Lifecycle

Direct Known Subclasses:: SSLContextContainer.Root

@Bean(name="sslContextContainer",
      parent=ConnectionManager.class,
      active=true)
public class SSLContextContainer
extends SSLContextContainerAbstract

Created: Oct 15, 2010 2:40:49 PM

Version:: $Rev$
Author:: Artur Hefczyc

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class SSLContextContainer.Root
- Nested classes/interfaces inherited from class tigase.io.SSLContextContainerAbstract
  SSLContextContainerAbstract.SSLHolder

Nested Classes
Modifier and Type	Class and Description
`static class`	`SSLContextContainer.Root`

Field Summary

Fields
Modifier and Type Field and Description

protected EventBus eventBus

protected Map<String,SSLContextContainerAbstract.SSLHolder> sslContexts
- Fields inherited from interface tigase.io.SSLContextContainerIfc
  ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL

Fields
Modifier and Type	Field and Description
`protected EventBus`	`eventBus`
`protected Map<String,SSLContextContainerAbstract.SSLHolder>`	`sslContexts`

Constructor Summary

Constructors
Constructor and Description
`SSLContextContainer()` Constructor for bean only
`SSLContextContainer(CertificateContainerIfc certContainer)` Constructor used to create root SSLContextContainer instance which should cache only SSLContext instances where array of TrustManagers is not set - common for all ConnectionManagers.
`SSLContextContainer(CertificateContainerIfc certContainer, SSLContextContainerIfc parent)` Constructor used to create instances for every ConnectionManager so that every connection manager can have different TrustManagers and SSLContext instance will still be cached.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`IOInterface`	`createIoInterface(String protocol, String tls_hostname, int port, boolean clientMode, boolean wantClientAuth, boolean needClientAuth, ByteOrder byteOrder, TrustManager[] x509TrustManagers, TLSEventHandler eventHandler, IOInterface socketIO, CertificateContainerIfc certificateContainer)`
`String[]`	`getEnabledCiphers()`
`String[]`	`getEnabledProtocols()`
`SSLContext`	`getSSLContext(String protocol, String hostname, boolean clientMode, TrustManager[] tms)` Method `getSSLContext` creates and returns new SSLContext for a given domain (hostname).
`KeyStore`	`getTrustStore()` Returns a trust store with all trusted certificates.
`void`	`setEnabledCiphers(String[] enabledCiphers)`
`void`	`setEnabledProtocols(String[] enabledProtocols)`
`void`	`setHardenedMode(boolean hardenedMode)`
`void`	`setParent(SSLContextContainerIfc parent)`
`void`	`setTlsJdkNssBugWorkaround(boolean value)`
`void`	`start()`
`void`	`stop()`

Methods inherited from class tigase.io.SSLContextContainerAbstract
addCertificates, createCertificate, createContextHolder, find, getDefCertAlias, getKeyManagers, getSSLContext, getTrustManagers

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

eventBus
```
@Inject
protected EventBus eventBus
```

sslContexts

protected Map<String,SSLContextContainerAbstract.SSLHolder> sslContexts

Constructor Detail
- SSLContextContainer
```
public SSLContextContainer()
```
  Constructor for bean only
- SSLContextContainer
```
public SSLContextContainer(CertificateContainerIfc certContainer)
```
  Constructor used to create root SSLContextContainer instance which should cache only SSLContext instances where array of TrustManagers is not set - common for all ConnectionManagers. This instance is kept by TLSUtil class.
  
  Parameters:
  
  certContainer -
- SSLContextContainer
```
public SSLContextContainer(CertificateContainerIfc certContainer,
                           SSLContextContainerIfc parent)
```
  Constructor used to create instances for every ConnectionManager so that every connection manager can have different TrustManagers and SSLContext instance will still be cached.
  
  Parameters:
  
  certContainer -
  
  parent -

Method Detail

createIoInterface

public IOInterface createIoInterface(String protocol,
                                     String tls_hostname,
                                     int port,
                                     boolean clientMode,
                                     boolean wantClientAuth,
                                     boolean needClientAuth,
                                     ByteOrder byteOrder,
                                     TrustManager[] x509TrustManagers,
                                     TLSEventHandler eventHandler,
                                     IOInterface socketIO,
                                     CertificateContainerIfc certificateContainer)
                              throws IOException

Throws:: IOException

getEnabledCiphers
```
public String[] getEnabledCiphers()
```

setEnabledCiphers

public void setEnabledCiphers(String[] enabledCiphers)

getEnabledProtocols
```
public String[] getEnabledProtocols()
```

setEnabledProtocols

public void setEnabledProtocols(String[] enabledProtocols)

getSSLContext
```
public SSLContext getSSLContext(String protocol,
                                String hostname,
                                boolean clientMode,
                                TrustManager[] tms)
```
Description copied from interface: SSLContextContainerIfc

Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.

Parameters:

protocol - a String is either 'SSL' or 'TLS' value.

hostname - a String value keeps a hostname or domain for SSLContext.

clientMode - if set SSLContext will be created for client mode (ie. creation of server certificate will be skipped if there is no certificate)

tms - array of TrustManagers which should be used to validate remote certificate

Returns:

a SSLContext value

getTrustStore
```
public KeyStore getTrustStore()
```
Description copied from interface: SSLContextContainerIfc

Returns a trust store with all trusted certificates.

Specified by:

getTrustStore in interface SSLContextContainerIfc

Overrides:

getTrustStore in class SSLContextContainerAbstract

Returns:

a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.

setHardenedMode

public void setHardenedMode(boolean hardenedMode)

setParent

public void setParent(SSLContextContainerIfc parent)

setTlsJdkNssBugWorkaround

public void setTlsJdkNssBugWorkaround(boolean value)

start
```
public void start()
```

stop
```
public void stop()
```

Class SSLContextContainer

Nested Class Summary

Nested classes/interfaces inherited from class tigase.io.SSLContextContainerAbstract

Field Summary

Fields inherited from interface tigase.io.SSLContextContainerIfc

Constructor Summary

Method Summary

Methods inherited from class tigase.io.SSLContextContainerAbstract

Methods inherited from class java.lang.Object

Field Detail

eventBus

sslContexts

Constructor Detail

SSLContextContainer

SSLContextContainer

SSLContextContainer

Method Detail

createIoInterface

getEnabledCiphers

setEnabledCiphers

getEnabledProtocols

setEnabledProtocols

getSSLContext

getTrustStore

setHardenedMode

setParent

setTlsJdkNssBugWorkaround

start

stop