public class JSSESocketFactory extends Object implements ServerSocketFactory, SSLUtil
Modifier and Type | Field and Description |
---|---|
protected boolean |
allowUnsafeLegacyRenegotiation |
static String |
DEFAULT_KEY_PASS |
protected String[] |
enabledCiphers |
protected String[] |
enabledProtocols |
protected boolean |
requireClientAuth
Flag to state that we require client authentication.
|
protected SSLServerSocketFactory |
sslProxy |
protected boolean |
wantClientAuth
Flag to state that we would like client authentication.
|
Constructor and Description |
---|
JSSESocketFactory(AbstractEndpoint<?> endpoint) |
Modifier and Type | Method and Description |
---|---|
Socket |
acceptSocket(ServerSocket socket)
Wrapper function for accept().
|
protected void |
configureClientAuth(SSLServerSocket socket)
Configure Client authentication for this version of JSSE.
|
void |
configureSessionContext(SSLSessionContext sslSessionContext) |
protected void |
configureUseServerCipherSuitesOrder(SSLServerSocket socket)
Configures SSLEngine to honor cipher suites ordering based upon
endpoint configuration.
|
ServerSocket |
createSocket(int port)
Returns a server socket which uses all network interfaces on the host,
and is bound to a the specified port.
|
ServerSocket |
createSocket(int port,
int backlog)
Returns a server socket which uses all network interfaces on the host, is
bound to a the specified port, and uses the specified connection backlog.
|
ServerSocket |
createSocket(int port,
int backlog,
InetAddress ifAddress)
Returns a server socket which uses only the specified network interface
on the local host, is bound to a the specified port, and uses the
specified connection backlog.
|
SSLContext |
createSSLContext() |
protected Collection<? extends CRL> |
getCRLs(String crlf)
Load the collection of CRLs.
|
String[] |
getEnableableCiphers(SSLContext context)
Determines the SSL cipher suites that can be enabled, based on the
configuration of the endpoint and the ciphers supported by the SSL
implementation.
|
String[] |
getEnableableProtocols(SSLContext context)
Determines the SSL protocol variants that can be enabled, based on the
configuration of the endpoint and the ciphers supported by the SSL
implementation.
|
KeyManager[] |
getKeyManagers() |
protected KeyManager[] |
getKeyManagers(String keystoreType,
String keystoreProvider,
String algorithm,
String keyAlias)
Gets the initialized key managers.
|
protected KeyStore |
getKeystore(String type,
String provider,
String pass) |
protected String |
getKeystorePassword() |
protected CertPathParameters |
getParameters(String algorithm,
String crlf,
KeyStore trustStore)
Return the initialization parameters for the TrustManager.
|
TrustManager[] |
getTrustManagers() |
protected TrustManager[] |
getTrustManagers(String keystoreType,
String keystoreProvider,
String algorithm)
Gets the initialized trust managers.
|
protected KeyStore |
getTrustStore(String keystoreType,
String keystoreProvider) |
void |
handshake(Socket sock)
Triggers the SSL handshake.
|
public static final String DEFAULT_KEY_PASS
protected SSLServerSocketFactory sslProxy
protected String[] enabledCiphers
protected String[] enabledProtocols
protected boolean allowUnsafeLegacyRenegotiation
protected boolean requireClientAuth
protected boolean wantClientAuth
public JSSESocketFactory(AbstractEndpoint<?> endpoint)
public ServerSocket createSocket(int port) throws IOException
ServerSocketFactory
createSocket
in interface ServerSocketFactory
port
- the port to listen toIOException
- for networking errorspublic ServerSocket createSocket(int port, int backlog) throws IOException
ServerSocketFactory
createSocket
in interface ServerSocketFactory
port
- the port to listen tobacklog
- how many connections are queuedIOException
- for networking errorspublic ServerSocket createSocket(int port, int backlog, InetAddress ifAddress) throws IOException
ServerSocketFactory
createSocket
in interface ServerSocketFactory
port
- the port to listen tobacklog
- how many connections are queuedifAddress
- the network interface address to useIOException
- for networking errorspublic Socket acceptSocket(ServerSocket socket) throws IOException
ServerSocketFactory
acceptSocket
in interface ServerSocketFactory
IOException
public void handshake(Socket sock) throws IOException
ServerSocketFactory
handshake
in interface ServerSocketFactory
IOException
public String[] getEnableableCiphers(SSLContext context)
SSLUtil
getEnableableCiphers
in interface SSLUtil
context
- An initialized context to obtain the supported ciphers from.protected String getKeystorePassword()
protected KeyStore getKeystore(String type, String provider, String pass) throws IOException
IOException
protected KeyStore getTrustStore(String keystoreType, String keystoreProvider) throws IOException
IOException
public SSLContext createSSLContext() throws Exception
createSSLContext
in interface SSLUtil
Exception
public KeyManager[] getKeyManagers() throws Exception
getKeyManagers
in interface SSLUtil
Exception
public TrustManager[] getTrustManagers() throws Exception
getTrustManagers
in interface SSLUtil
Exception
public void configureSessionContext(SSLSessionContext sslSessionContext)
configureSessionContext
in interface SSLUtil
protected KeyManager[] getKeyManagers(String keystoreType, String keystoreProvider, String algorithm, String keyAlias) throws Exception
Exception
protected TrustManager[] getTrustManagers(String keystoreType, String keystoreProvider, String algorithm) throws Exception
Exception
protected CertPathParameters getParameters(String algorithm, String crlf, KeyStore trustStore) throws Exception
PKIX
is supported.algorithm
- The algorithm to get parameters for.crlf
- The path to the CRL file.trustStore
- The configured TrustStore.Exception
protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
public String[] getEnableableProtocols(SSLContext context)
SSLUtil
getEnableableProtocols
in interface SSLUtil
context
- An initialized context to obtain the supported protocols from.protected void configureClientAuth(SSLServerSocket socket)
socket
- the SSLServerSocketprotected void configureUseServerCipherSuitesOrder(SSLServerSocket socket)
UnsupportedOperationException
- If the runtime JVM doesn't
support this setting.Copyright © 2000-2021 Apache Software Foundation. All Rights Reserved.