tigase.io

Class SSLContextContainerAbstract

java.lang.Object

tigase.io.SSLContextContainerAbstract

All Implemented Interfaces:

SSLContextContainerIfc, Lifecycle

Direct Known Subclasses:

SSLContextContainer

public abstract class SSLContextContainerAbstract
extends Object
implements SSLContextContainerIfc

Created by andrzej on 29.02.2016.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected class	SSLContextContainerAbstract.SSLHolder

Field Summary

Fields inherited from interface tigase.io.SSLContextContainerIfc

ALLOW_INVALID_CERTS_KEY, ALLOW_INVALID_CERTS_VAL, ALLOW_SELF_SIGNED_CERTS_KEY, ALLOW_SELF_SIGNED_CERTS_VAL, CERT_ALIAS_KEY, CERT_SAVE_TO_DISK_KEY, DEFAULT_DOMAIN_CERT_KEY, DEFAULT_DOMAIN_CERT_VAL, JKS_KEYSTORE_FILE_KEY, JKS_KEYSTORE_FILE_VAL, JKS_KEYSTORE_PWD_KEY, JKS_KEYSTORE_PWD_VAL, PEM_CERTIFICATE_KEY, SERVER_CERTS_LOCATION_KEY, SERVER_CERTS_LOCATION_VAL, SSL_CONTAINER_CLASS_KEY, SSL_CONTAINER_CLASS_VAL, TRUSTED_CERTS_DIR_KEY, TRUSTED_CERTS_DIR_VAL, TRUSTSTORE_FILE_KEY, TRUSTSTORE_FILE_VAL, TRUSTSTORE_PWD_KEY, TRUSTSTORE_PWD_VAL

Constructor Summary

Constructors

Constructor and Description
SSLContextContainerAbstract(CertificateContainerIfc certContainer)

Method Summary

Modifier and Type	Method and Description
void	addCertificates(Map<String,String> params) Method addCertificates allows to add more certificates at run time after the container has bee already initialized.
protected KeyManager[]	createCertificate(String alias)
protected SSLContextContainerAbstract.SSLHolder	createContextHolder(String protocol, String hostname, String alias, boolean clientMode, TrustManager[] tms) Common method used to create SSLContext instance based on provided parameters
static <T> T	find(Map<String,T> lookupMap, String domain) Generic method responsible for lookup of value in Map where passed key is domain name and in Map wildcard name may be used as a key.
protected String	getDefCertAlias()
protected KeyManager[]	getKeyManagers(String hostname)
SSLContext	getSSLContext(String protocol, String hostname, boolean clientMode) Method getSSLContext creates and returns new SSLContext for a given domain (hostname).
protected TrustManager[]	getTrustManagers()
KeyStore	getTrustStore() Returns a trust store with all trusted certificates.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface tigase.io.SSLContextContainerIfc

createIoInterface, createIoInterface, getEnabledCiphers, getEnabledCiphers, getEnabledProtocols, getEnabledProtocols, getSSLContext

Methods inherited from interface tigase.server.Lifecycle

start, stop

Constructor Detail

SSLContextContainerAbstract

public SSLContextContainerAbstract(CertificateContainerIfc certContainer)

Method Detail

find

public static <T> T find(Map<String,T> lookupMap,
                         String domain)

Generic method responsible for lookup of value in Map where passed key is domain name and in Map wildcard name may be used as a key.

addCertificates

public void addCertificates(Map<String,String> params)
                     throws CertificateParsingException

Description copied from interface: SSLContextContainerIfc

Method addCertificates allows to add more certificates at run time after the container has bee already initialized. This is to avoid server restart if there are certificates updates or new certificates for new virtual domain. The method should add new certificates or replace existing one if there is already a certificate for a domain.

Specified by:

addCertificates in interface SSLContextContainerIfc

Parameters:

params - a Map value with configuration parameters.

Throws:

CertificateParsingException

getSSLContext

public SSLContext getSSLContext(String protocol,
                                String hostname,
                                boolean clientMode)

Description copied from interface: SSLContextContainerIfc

Method getSSLContext creates and returns new SSLContext for a given domain (hostname). For creation of the SSLContext a certificate associated with this domain (hostname) should be used. If there is no specific certificate for a given domain then default certificate should be used.

Specified by:

getSSLContext in interface SSLContextContainerIfc

Parameters:

protocol - a String is either 'SSL' or 'TLS' value.

hostname - a String value keeps a hostname or domain for SSLContext.

clientMode - if set SSLContext will be created for client mode (ie. creation of server certificate will be skipped if there is no certificate)

Returns:

a SSLContext value

getTrustStore

public KeyStore getTrustStore()

Description copied from interface: SSLContextContainerIfc

Returns a trust store with all trusted certificates.

Specified by:

getTrustStore in interface SSLContextContainerIfc

Returns:

a KeyStore with all trusted certificates, the KeyStore can be empty but cannot be null.

createCertificate

protected KeyManager[] createCertificate(String alias)
                                  throws Exception

Throws:

Exception

createContextHolder

protected SSLContextContainerAbstract.SSLHolder createContextHolder(String protocol,
                                                                    String hostname,
                                                                    String alias,
                                                                    boolean clientMode,
                                                                    TrustManager[] tms)
                                                             throws Exception

Common method used to create SSLContext instance based on provided parameters

Throws:

Exception

getDefCertAlias

protected String getDefCertAlias()

getKeyManagers

protected KeyManager[] getKeyManagers(String hostname)

getTrustManagers

protected TrustManager[] getTrustManagers()