org.restlet.ext.ssl
Class DefaultSslContextFactory

java.lang.Object
  org.restlet.ext.ssl.SslContextFactory
      org.restlet.ext.ssl.DefaultSslContextFactory

public class DefaultSslContextFactory
extends SslContextFactory

This SslContextFactory makes it possible to configure most basic options when building an SSLContext. See the init(Series) method for the list of parameters supported by this factory when configuring your HTTP client or server connector. Here is the list of SSL related parameters that are also supported:

Parameter name	Value type	Default value	Description
certAlgorithm	String	SunX509	SSL certificate algorithm.
keystorePath	String	${user.home}/.keystore	SSL keystore path.
keystorePassword	String	System property "javax.net.ssl.keyStorePassword"	SSL keystore password.
keystoreType	String	JKS	SSL keystore type
keyPassword	String	System property "javax.net.ssl.keyStorePassword"	SSL key password.
needClientAuthentication	boolean	false	Indicates if we require client certificate authentication
secureRandomAlgorithm	String	null (see java.security.SecureRandom)	Name of the RNG algorithm. (see java.security.SecureRandom class).
securityProvider	String	null (see javax.net.ssl.SSLContext)	Java security provider name (see java.security.Provider class).
sslProtocol	String	TLS	SSL protocol.
truststorePath	String	null	Path to trust store
truststorePassword	String	System property "javax.net.ssl.trustStorePassword"	Trust store password
truststoreType	String	System property "javax.net.ssl.trustStoreType"	Trust store type
wantClientAuthentication	boolean	false	Indicates if we would like client certificate authentication

In short, two instances of KeyStore are used when configuring an SSLContext: the keystore (which contains the public and private keys and certificates to be used locally) and the trust store (which generally holds the CA certificates to be trusted when connecting to a remote host). Both keystore and trust store are KeyStores. When not explicitly set using the setters of this class, the values will default to the default system properties, following the behavior described in the JSSE reference guide.

There is more information in the JSSE Reference Guide.

Author:

Bruno Harbulot (Bruno.Harbulot@manchester.ac.uk)

See Also:

SSLContext, KeyStore, JSSE Reference - Standard names

Constructor Summary

DefaultSslContextFactory()

Method Summary

protected DefaultSslContextFactory	clone() This class is likely to contain sensitive information; cloning is therefore not allowed.
SSLContext	createSslContext() Creates a configured and initialized SSLContext from the values set via the various setters of this class.
String	getCertAlgorithm() Returns the name of the KeyManager algorithm.
String[]	getDisabledCipherSuites() Returns the whitespace-separated list of disabled cipher suites.
String[]	getEnabledCipherSuites() Returns the whitespace-separated list of enabled cipher suites.
char[]	getKeyStoreKeyPassword() Returns the password for the key in the keystore (as a String).
char[]	getKeyStorePassword() Returns the password for the keystore (as a String).
String	getKeyStorePath() Returns the path to the KeyStore file.
String	getKeyStoreProvider() Returns the name of the keystore provider.
String	getKeyStoreType() Returns the keyStore type of the keystore.
String	getSecureRandomAlgorithm() Returns the name of the SecureRandom algorithm.
String	getSslProtocol() Returns the secure socket protocol name, "TLS" by default.
String	getTrustManagerAlgorithm() Returns the name of the TrustManager algorithm.
char[]	getTrustStorePassword() Returns the password for the trust store keystore.
String	getTrustStorePath() Returns the path to the trust store (keystore) file.
String	getTrustStoreProvider() Returns the name of the trust store (keystore) provider.
String	getTrustStoreType() Returns the KeyStore type of the trust store.
void	init(Series<Parameter> helperParameters) Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters.
boolean	isNeedClientAuthentication() Indicates if we require client certificate authentication.
boolean	isWantClientAuthentication() Indicates if we would like client certificate authentication.
void	setCertAlgorithm(String keyManagerAlgorithm) Sets the KeyManager algorithm.
void	setDisabledCipherSuites(String[] disabledCipherSuites) Sets the whitespace-separated list of disabled cipher suites.
void	setEnabledCipherSuites(String[] enabledCipherSuites) Sets the whitespace-separated list of enabled cipher suites.
void	setKeyStoreKeyPassword(char[] keyStoreKeyPassword) Sets the password of the key in the keystore.
void	setKeyStoreKeyPassword(String keyStoreKeyPassword) Sets the password of the key in the keystore.
void	setKeyStorePassword(char[] keyStorePassword) Sets the keystore password.
void	setKeyStorePassword(String keyStorePassword) Sets the keystore password.
void	setKeyStorePath(String keyStorePath) Sets the path to the keystore file.
void	setKeyStoreProvider(String keyStoreProvider) Sets the name of the keystore provider.
void	setKeyStoreType(String keyStoreType) Sets the KeyStore type of the keystore.
void	setNeedClientAuthentication(boolean needClientAuthentication) Indicates if we require client certificate authentication.
void	setSecureRandomAlgorithm(String secureRandomAlgorithm) Sets the SecureRandom algorithm.
void	setSslProtocol(String sslProtocol) Sets the secure socket protocol name, "TLS" by default.
void	setTrustManagerAlgorithm(String trustManagerAlgorithm) Sets the TrustManager algorithm.
void	setTrustStorePassword(char[] trustStorePassword) Sets the password of the trust store KeyStore.
void	setTrustStorePassword(String trustStorePassword) Sets the password of the trust store KeyStore.
void	setTrustStorePath(String trustStorePath) Sets the path to the trust store KeyStore.
void	setTrustStoreProvider(String trustStoreProvider) Sets the name of the trust store provider.
void	setTrustStoreType(String trustStoreType) Sets the KeyStore type of the trust store.
void	setWantClientAuthentication(boolean wantClientAuthentication) Indicates if we would like client certificate authentication.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultSslContextFactory

public DefaultSslContextFactory()

Method Detail

clone

protected final DefaultSslContextFactory clone()
                                        throws CloneNotSupportedException

This class is likely to contain sensitive information; cloning is therefore not allowed.

Overrides:

clone in class Object

Throws:

CloneNotSupportedException

createSslContext

public SSLContext createSslContext()
                            throws Exception

Creates a configured and initialized SSLContext from the values set via the various setters of this class. If keyStorePath, keyStoreProvider, keyStoreType are all null, the SSLContext will be initialized with a null array of KeyManagers. Similarly, if trustStorePath, trustStoreProvider, trustStoreType are all null, a null array of TrustManagers will be used.

Specified by:

createSslContext in class SslContextFactory

Returns:

A configured and initialized SSLContext.

Throws:

Exception

See Also:

SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

getCertAlgorithm

public String getCertAlgorithm()

Returns the name of the KeyManager algorithm.

Returns:

The name of the KeyManager algorithm.

getDisabledCipherSuites

public String[] getDisabledCipherSuites()

Returns the whitespace-separated list of disabled cipher suites.

Returns:

The whitespace-separated list of disabled cipher suites.

getEnabledCipherSuites

public String[] getEnabledCipherSuites()

Returns the whitespace-separated list of enabled cipher suites.

Returns:

The whitespace-separated list of enabled cipher suites.

getKeyStoreKeyPassword

public char[] getKeyStoreKeyPassword()

Returns the password for the key in the keystore (as a String).

Returns:

The password for the key in the keystore (as a String).

getKeyStorePassword

public char[] getKeyStorePassword()

Returns the password for the keystore (as a String).

Returns:

The password for the keystore (as a String).

getKeyStorePath

public String getKeyStorePath()

Returns the path to the KeyStore file.

Returns:

The path to the KeyStore file.

getKeyStoreProvider

public String getKeyStoreProvider()

Returns the name of the keystore provider.

Returns:

The name of the keystore provider.

getKeyStoreType

public String getKeyStoreType()

Returns the keyStore type of the keystore.

Returns:

The keyStore type of the keystore.

getSecureRandomAlgorithm

public String getSecureRandomAlgorithm()

Returns the name of the SecureRandom algorithm.

Returns:

The name of the SecureRandom algorithm.

getSslProtocol

public String getSslProtocol()

Returns the secure socket protocol name, "TLS" by default.

Returns:

The secure socket protocol.

getTrustManagerAlgorithm

public String getTrustManagerAlgorithm()

Returns the name of the TrustManager algorithm.

Returns:

The name of the TrustManager algorithm.

getTrustStorePassword

public char[] getTrustStorePassword()

Returns the password for the trust store keystore.

Returns:

The password for the trust store keystore.

getTrustStorePath

public String getTrustStorePath()

Returns the path to the trust store (keystore) file.

Returns:

The path to the trust store (keystore) file.

getTrustStoreProvider

public String getTrustStoreProvider()

Returns the name of the trust store (keystore) provider.

Returns:

The name of the trust store (keystore) provider.

getTrustStoreType

public String getTrustStoreType()

Returns the KeyStore type of the trust store.

Returns:

The KeyStore type of the trust store.

init

public void init(Series<Parameter> helperParameters)

Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters.

Parameter name	Value type	Default value	Description
enabledCipherSuites	String	null	Whitespace-separated list of enabled cipher suites and/or can be specified multiple times
disabledCipherSuites	String	null	Whitespace-separated list of disabled cipher suites and/or can be specified multiple times. It affects the cipher suites manually enabled or the default ones.
keyStorePath	String	${user.home}/.keystore	SSL keystore path.
keyStorePassword	String		SSL keystore password.
keyStoreType	String	JKS	SSL keystore type
keyPassword	String		SSL key password.
certAlgorithm	String	SunX509	SSL certificate algorithm.
needClientAuthentication	boolean	false	Indicates if we require client certificate authentication
secureRandomAlgorithm	String	null (see java.security.SecureRandom)	Name of the RNG algorithm. (see java.security.SecureRandom class)
sslProtocol	String	TLS	SSL protocol.
truststorePath	String	null	Path to trust store
truststorePassword	String	System property "javax.net.ssl.trustStorePassword"	Trust store password
truststoreType	String	System property "javax.net.ssl.trustStoreType"	Trust store type
wantClientAuthentication	boolean	false	Indicates if we would like client certificate authentication

Specified by:

init in class SslContextFactory

Parameters:

helperParameters - Typically, the parameters that would have been obtained from HttpsServerHelper.getParameters()

isNeedClientAuthentication

public boolean isNeedClientAuthentication()

Indicates if we require client certificate authentication.

Returns:

True if we require client certificate authentication.

isWantClientAuthentication

public boolean isWantClientAuthentication()

Indicates if we would like client certificate authentication.

Returns:

True if we would like client certificate authentication.

setCertAlgorithm

public void setCertAlgorithm(String keyManagerAlgorithm)

Sets the KeyManager algorithm. The default value is that of the ssl.KeyManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:

keyManagerAlgorithm - The KeyManager algorithm.

setDisabledCipherSuites

public void setDisabledCipherSuites(String[] disabledCipherSuites)

Sets the whitespace-separated list of disabled cipher suites.

Parameters:

disabledCipherSuites - The whitespace-separated list of disabled cipher suites.

setEnabledCipherSuites

public void setEnabledCipherSuites(String[] enabledCipherSuites)

Sets the whitespace-separated list of enabled cipher suites.

Parameters:

enabledCipherSuites - The whitespace-separated list of enabled cipher suites.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(char[] keyStoreKeyPassword)

Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:

keyStoreKeyPassword - The password of the key in the keystore.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(String keyStoreKeyPassword)

Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:

keyStoreKeyPassword - The password of the key in the keystore.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)

Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:

keyStorePassword - Sets the keystore password.

setKeyStorePassword

public void setKeyStorePassword(String keyStorePassword)

Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:

keyStorePassword - Sets the keystore password.

setKeyStorePath

public void setKeyStorePath(String keyStorePath)

Sets the path to the keystore file. The default value is that of the javax.net.ssl.keyStore system property.

Parameters:

keyStorePath - The path to the keystore file.

setKeyStoreProvider

public void setKeyStoreProvider(String keyStoreProvider)

Sets the name of the keystore provider. The default value is that of the javax.net.ssl.keyStoreProvider system property.

Parameters:

keyStoreProvider - The name of the keystore provider.

setKeyStoreType

public void setKeyStoreType(String keyStoreType)

Sets the KeyStore type of the keystore. The default value is that of the javax.net.ssl.keyStoreType system property.

Parameters:

keyStoreType - The KeyStore type of the keystore.

setNeedClientAuthentication

public void setNeedClientAuthentication(boolean needClientAuthentication)

Indicates if we require client certificate authentication. The default value is false.

Parameters:

needClientAuthentication - True if we require client certificate authentication.

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(String secureRandomAlgorithm)

Sets the SecureRandom algorithm. The default value is null, in which case the default SecureRandom would be used.

Parameters:

secureRandomAlgorithm - The SecureRandom algorithm.

setSslProtocol

public void setSslProtocol(String sslProtocol)

Sets the secure socket protocol name, "TLS" by default. Typically, this will be either "TLS" or "SSLv3". This is the name used when instantiating the SSLContext.

Parameters:

sslProtocol - Name of the secure socket protocol to use.

setTrustManagerAlgorithm

public void setTrustManagerAlgorithm(String trustManagerAlgorithm)

Sets the TrustManager algorithm. The default value is that of the ssl.TrustManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:

trustManagerAlgorithm - The TrustManager algorithm.

setTrustStorePassword

public void setTrustStorePassword(char[] trustStorePassword)

Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:

trustStorePassword - The password of the trust store KeyStore.

setTrustStorePassword

public void setTrustStorePassword(String trustStorePassword)

Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:

trustStorePassword - The password of the trust store KeyStore.

setTrustStorePath

public void setTrustStorePath(String trustStorePath)

Sets the path to the trust store KeyStore. The default value is that of the javax.net.ssl.trustStore system property.

Parameters:

trustStorePath - The trustStorePath to set

setTrustStoreProvider

public void setTrustStoreProvider(String trustStoreProvider)

Sets the name of the trust store provider. The default value is that of the javax.net.ssl.trustStoreProvider system property.

Parameters:

trustStoreProvider - The name of the trust store provider.

setTrustStoreType

public void setTrustStoreType(String trustStoreType)

Sets the KeyStore type of the trust store. The default value is that of the javax.net.ssl.trustStoreType system property.

Parameters:

trustStoreType - The KeyStore type of the trust store.

setWantClientAuthentication

public void setWantClientAuthentication(boolean wantClientAuthentication)

Indicates if we would like client certificate authentication. The default value is false.

Parameters:

wantClientAuthentication - True if we would like client certificate authentication.