org.restlet.engine.ssl

Class DefaultSslContextFactory

java.lang.Object

org.restlet.engine.ssl.SslContextFactory

org.restlet.engine.ssl.DefaultSslContextFactory

public class DefaultSslContextFactory
extends SslContextFactory

This SslContextFactory makes it possible to configure most basic options when building an SSLContext. See the init(Series) method for the list of parameters supported by this factory when configuring your HTTP client or server connector. Here is the list of SSL related parameters that are also supported:

Parameter name	Value type	Default value	Description
disabledCipherSuites	String	null	Whitespace-separated list of disabled cipher suites and/or can be specified multiple times. It affects the cipher suites manually enabled or the default ones.
disabledProtocols	String (see Java Secure Socket Extension (JSSE) reference guide)	null	Whitespace-separated list of disabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
enabledCipherSuites	String	null	Whitespace-separated list of enabled cipher suites and/or can be specified multiple times
enabledProtocols	String (see Java Secure Socket Extension (JSSE) reference guide)	null	Whitespace-separated list of enabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
keyManagerAlgorithm	String	System property "ssl.KeyManagerFactory.algorithm" or "SunX509"	Certificate algorithm for the key manager.
keyStorePath	String	System property "javax.net.ssl.keyStore" or ${user.home}/.keystore	SSL keystore path.
keyStorePassword	String	System property "javax.net.ssl.keyStorePassword"	SSL keystore password.
keyStoreType	String	System property javax.net.ssl.keyStoreType or JKS	SSL keystore type
keyPassword	String	System property "javax.net.ssl.keyStorePassword"	SSL key password.
needClientAuthentication	boolean	false	Indicates if we require client certificate authentication. If set to 'true', the "wantClientAuthentication" parameter is ignored.
protocol	String	TLS (see Java Secure Socket Extension (JSSE) reference guide)	SSL protocol used when creating the SSLContext.
secureRandomAlgorithm	String	null (see java.security.SecureRandom)	Name of the RNG algorithm. (see java.security.SecureRandom class)
trustManagerAlgorithm	String	System property "ssl.TrustManagerFactory.algorithm" or "SunX509"	Certificate algorithm for the trust manager.
trustStorePassword	String	System property "javax.net.ssl.trustStorePassword"	Trust store password
trustStorePath	String	System property "javax.net.ssl.trustStore"	Path to trust store
trustStoreType	String	System property "javax.net.ssl.trustStoreType"	Trust store type
wantClientAuthentication	boolean	false	Indicates if we would like client certificate authentication. Only taken into account if the "needClientAuthentication" parameter is 'false'.

In short, two instances of KeyStore are used when configuring an SSLContext: the key store (which contains the public and private keys and certificates to be used locally) and the trust store (which generally holds the CA certificates to be trusted when connecting to a remote host). Both keystore and trust store are KeyStores. When not explicitly set using the setters of this class, the values will default to the default system properties, following the behavior described in the JSSE reference guide.

There is more information in the JSSE Reference Guide.

Author:

Bruno Harbulot

See Also:

SSLContext, KeyStore, JSSE Reference - Standard names

Constructor Summary

Constructors

Constructor and Description
DefaultSslContextFactory()

Method Summary

Modifier and Type	Method and Description
protected DefaultSslContextFactory	clone() This class is likely to contain sensitive information; cloning is therefore not allowed.
javax.net.ssl.SSLContext	createSslContext() Creates a configured and initialized SSLContext from the values set via the various setters of this class.
protected javax.net.ssl.SSLContext	createWrapper(javax.net.ssl.SSLContext sslContext) Creates a new SSLContext wrapper.
java.lang.String[]	getDisabledCipherSuites() Returns the whitespace-separated list of disabled cipher suites.
java.lang.String[]	getDisabledProtocols() Returns the whitespace-separated list of disabled SSL protocols.
java.lang.String[]	getEnabledCipherSuites() Returns the whitespace-separated list of enabled cipher suites.
java.lang.String[]	getEnabledProtocols() Returns the whitespace-separated list of enabled SSL protocols.
java.lang.String	getKeyManagerAlgorithm() Returns the name of the KeyManager algorithm.
char[]	getKeyStoreKeyPassword() Returns the password for the key in the keystore (as a String).
char[]	getKeyStorePassword() Returns the password for the keystore (as a String).
java.lang.String	getKeyStorePath() Returns the path to the KeyStore file.
java.lang.String	getKeyStoreProvider() Returns the name of the keystore provider.
java.lang.String	getKeyStoreType() Returns the keyStore type of the keystore.
java.lang.String	getProtocol() Returns the secure socket protocol name, "TLS" by default.
java.lang.String	getSecureRandomAlgorithm() Returns the name of the SecureRandom algorithm.
java.lang.String[]	getSelectedCipherSuites(java.lang.String[] supportedCipherSuites) Returns the selected cipher suites.
java.lang.String[]	getSelectedSslProtocols(java.lang.String[] supportedProtocols) Returns the selected SSL protocols.
java.lang.String	getTrustManagerAlgorithm() Returns the name of the TrustManager algorithm.
char[]	getTrustStorePassword() Returns the password for the trust store keystore.
java.lang.String	getTrustStorePath() Returns the path to the trust store (keystore) file.
java.lang.String	getTrustStoreProvider() Returns the name of the trust store (keystore) provider.
java.lang.String	getTrustStoreType() Returns the KeyStore type of the trust store.
void	init(Series<Parameter> helperParameters) Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters.
boolean	isNeedClientAuthentication() Indicates if we require client certificate authentication.
boolean	isWantClientAuthentication() Indicates if we would like client certificate authentication.
void	setDisabledCipherSuites(java.lang.String[] disabledCipherSuites) Sets the whitespace-separated list of disabled cipher suites.
void	setDisabledProtocols(java.lang.String[] disabledProtocols) Sets the whitespace-separated list of disabled SSL protocols.
void	setEnabledCipherSuites(java.lang.String[] enabledCipherSuites) Sets the whitespace-separated list of enabled cipher suites.
void	setEnabledProtocols(java.lang.String[] enabledProtocols) Sets the standard name of the protocols to use when creating the SSL sockets or engines.
void	setKeyManagerAlgorithm(java.lang.String keyManagerAlgorithm) Sets the KeyManager algorithm.
void	setKeyStoreKeyPassword(char[] keyStoreKeyPassword) Sets the password of the key in the keystore.
void	setKeyStoreKeyPassword(java.lang.String keyStoreKeyPassword) Sets the password of the key in the keystore.
void	setKeyStorePassword(char[] keyStorePassword) Sets the keystore password.
void	setKeyStorePassword(java.lang.String keyStorePassword) Sets the keystore password.
void	setKeyStorePath(java.lang.String keyStorePath) Sets the path to the keystore file.
void	setKeyStoreProvider(java.lang.String keyStoreProvider) Sets the name of the keystore provider.
void	setKeyStoreType(java.lang.String keyStoreType) Sets the KeyStore type of the keystore.
void	setNeedClientAuthentication(boolean needClientAuthentication) Indicates if we require client certificate authentication.
void	setProtocol(java.lang.String protocol) Sets the secure socket protocol name, "TLS" by default.
void	setSecureRandomAlgorithm(java.lang.String secureRandomAlgorithm) Sets the SecureRandom algorithm.
void	setTrustManagerAlgorithm(java.lang.String trustManagerAlgorithm) Sets the TrustManager algorithm.
void	setTrustStorePassword(char[] trustStorePassword) Sets the password of the trust store KeyStore.
void	setTrustStorePassword(java.lang.String trustStorePassword) Sets the password of the trust store KeyStore.
void	setTrustStorePath(java.lang.String trustStorePath) Sets the path to the trust store KeyStore.
void	setTrustStoreProvider(java.lang.String trustStoreProvider) Sets the name of the trust store provider.
void	setTrustStoreType(java.lang.String trustStoreType) Sets the KeyStore type of the trust store.
void	setWantClientAuthentication(boolean wantClientAuthentication) Indicates if we would like client certificate authentication.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultSslContextFactory

public DefaultSslContextFactory()

Method Detail

clone

protected final DefaultSslContextFactory clone()
                                        throws java.lang.CloneNotSupportedException

This class is likely to contain sensitive information; cloning is therefore not allowed.

Overrides:

clone in class java.lang.Object

Throws:

java.lang.CloneNotSupportedException

createSslContext

public javax.net.ssl.SSLContext createSslContext()
                                          throws java.lang.Exception

Creates a configured and initialized SSLContext from the values set via the various setters of this class. If keyStorePath, keyStoreProvider, keyStoreType are all null, the SSLContext will be initialized with a null array of KeyManagers. Similarly, if trustStorePath, trustStoreProvider, trustStoreType are all null, a null array of TrustManagers will be used.

Specified by:

createSslContext in class SslContextFactory

Returns:

A configured and initialized SSLContext.

Throws:

java.lang.Exception

See Also:

SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

createWrapper

protected javax.net.ssl.SSLContext createWrapper(javax.net.ssl.SSLContext sslContext)

Creates a new SSLContext wrapper. Necessary to properly initialize the SSLEngine or SSLSocketFactory or SSLServerSocketFactory created.

Parameters:

sslContext - The SSL context to wrap.

Returns:

The SSL context wrapper.

getDisabledCipherSuites

public java.lang.String[] getDisabledCipherSuites()

Returns the whitespace-separated list of disabled cipher suites.

Returns:

The whitespace-separated list of disabled cipher suites.

getDisabledProtocols

public java.lang.String[] getDisabledProtocols()

Returns the whitespace-separated list of disabled SSL protocols.

Returns:

The whitespace-separated list of disabled SSL protocols.

getEnabledCipherSuites

public java.lang.String[] getEnabledCipherSuites()

Returns the whitespace-separated list of enabled cipher suites.

Returns:

The whitespace-separated list of enabled cipher suites.

getEnabledProtocols

public java.lang.String[] getEnabledProtocols()

Returns the whitespace-separated list of enabled SSL protocols.

Returns:

The whitespace-separated list of enabled SSL protocols.

getKeyManagerAlgorithm

public java.lang.String getKeyManagerAlgorithm()

Returns the name of the KeyManager algorithm.

Returns:

The name of the KeyManager algorithm.

getKeyStoreKeyPassword

public char[] getKeyStoreKeyPassword()

Returns the password for the key in the keystore (as a String).

Returns:

The password for the key in the keystore (as a String).

getKeyStorePassword

public char[] getKeyStorePassword()

Returns the password for the keystore (as a String).

Returns:

The password for the keystore (as a String).

getKeyStorePath

public java.lang.String getKeyStorePath()

Returns the path to the KeyStore file.

Returns:

The path to the KeyStore file.

getKeyStoreProvider

public java.lang.String getKeyStoreProvider()

Returns the name of the keystore provider.

Returns:

The name of the keystore provider.

getKeyStoreType

public java.lang.String getKeyStoreType()

Returns the keyStore type of the keystore.

Returns:

The keyStore type of the keystore.

getProtocol

public java.lang.String getProtocol()

Returns the secure socket protocol name, "TLS" by default.

Returns:

The secure socket protocol.

getSecureRandomAlgorithm

public java.lang.String getSecureRandomAlgorithm()

Returns the name of the SecureRandom algorithm.

Returns:

The name of the SecureRandom algorithm.

getSelectedCipherSuites

public java.lang.String[] getSelectedCipherSuites(java.lang.String[] supportedCipherSuites)

Returns the selected cipher suites. The selection is the subset of supported suites that are both in the enable suites and out of the disabled suites.

Parameters:

supportedCipherSuites - The initial cipher suites to restrict.

Returns:

The selected cipher suites.

getSelectedSslProtocols

public java.lang.String[] getSelectedSslProtocols(java.lang.String[] supportedProtocols)

Returns the selected SSL protocols. The selection is the subset of supported protocols whose name starts with the name of of getEnabledProtocols() name.

Parameters:

supportedProtocols - The selected SSL protocols.

Returns:

The selected SSL protocols.

getTrustManagerAlgorithm

public java.lang.String getTrustManagerAlgorithm()

Returns the name of the TrustManager algorithm.

Returns:

The name of the TrustManager algorithm.

getTrustStorePassword

public char[] getTrustStorePassword()

Returns the password for the trust store keystore.

Returns:

The password for the trust store keystore.

getTrustStorePath

public java.lang.String getTrustStorePath()

Returns the path to the trust store (keystore) file.

Returns:

The path to the trust store (keystore) file.

getTrustStoreProvider

public java.lang.String getTrustStoreProvider()

Returns the name of the trust store (keystore) provider.

Returns:

The name of the trust store (keystore) provider.

getTrustStoreType

public java.lang.String getTrustStoreType()

Returns the KeyStore type of the trust store.

Returns:

The KeyStore type of the trust store.

init

public void init(Series<Parameter> helperParameters)

Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters. See class Javadocs for the list of parameters supported.

Specified by:

init in class SslContextFactory

Parameters:

helperParameters - Typically, the parameters that would have been obtained from HttpsServerHelper.getParameters()

isNeedClientAuthentication

public boolean isNeedClientAuthentication()

Indicates if we require client certificate authentication.

Returns:

True if we require client certificate authentication.

isWantClientAuthentication

public boolean isWantClientAuthentication()

Indicates if we would like client certificate authentication.

Returns:

True if we would like client certificate authentication.

setDisabledCipherSuites

public void setDisabledCipherSuites(java.lang.String[] disabledCipherSuites)

Sets the whitespace-separated list of disabled cipher suites.

Parameters:

disabledCipherSuites - The whitespace-separated list of disabled cipher suites.

setDisabledProtocols

public void setDisabledProtocols(java.lang.String[] disabledProtocols)

Sets the whitespace-separated list of disabled SSL protocols.

Parameters:

disabledProtocols - The whitespace-separated list of disabled SSL protocols.

setEnabledCipherSuites

public void setEnabledCipherSuites(java.lang.String[] enabledCipherSuites)

Sets the whitespace-separated list of enabled cipher suites.

Parameters:

enabledCipherSuites - The whitespace-separated list of enabled cipher suites.

setEnabledProtocols

public void setEnabledProtocols(java.lang.String[] enabledProtocols)

Sets the standard name of the protocols to use when creating the SSL sockets or engines.

Parameters:

enabledProtocols - The standard name of the protocols to use when creating the SSL sockets or engines.

setKeyManagerAlgorithm

public void setKeyManagerAlgorithm(java.lang.String keyManagerAlgorithm)

Sets the KeyManager algorithm. The default value is that of the ssl.KeyManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:

keyManagerAlgorithm - The KeyManager algorithm.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(char[] keyStoreKeyPassword)

Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:

keyStoreKeyPassword - The password of the key in the keystore.

setKeyStoreKeyPassword

public void setKeyStoreKeyPassword(java.lang.String keyStoreKeyPassword)

Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.

Parameters:

keyStoreKeyPassword - The password of the key in the keystore.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePassword)

Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:

keyStorePassword - Sets the keystore password.

setKeyStorePassword

public void setKeyStorePassword(java.lang.String keyStorePassword)

Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.

Parameters:

keyStorePassword - Sets the keystore password.

setKeyStorePath

public void setKeyStorePath(java.lang.String keyStorePath)

Sets the path to the keystore file. The default value is that of the javax.net.ssl.keyStore system property.

Parameters:

keyStorePath - The path to the keystore file.

setKeyStoreProvider

public void setKeyStoreProvider(java.lang.String keyStoreProvider)

Sets the name of the keystore provider. The default value is that of the javax.net.ssl.keyStoreProvider system property.

Parameters:

keyStoreProvider - The name of the keystore provider.

setKeyStoreType

public void setKeyStoreType(java.lang.String keyStoreType)

Sets the KeyStore type of the keystore. The default value is that of the javax.net.ssl.keyStoreType system property.

Parameters:

keyStoreType - The KeyStore type of the keystore.

setNeedClientAuthentication

public void setNeedClientAuthentication(boolean needClientAuthentication)

Indicates if we require client certificate authentication. The default value is false.

Parameters:

needClientAuthentication - True if we require client certificate authentication.

setProtocol

public void setProtocol(java.lang.String protocol)

Sets the secure socket protocol name, "TLS" by default.

Parameters:

protocol - Name of the secure socket protocol to use.

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(java.lang.String secureRandomAlgorithm)

Sets the SecureRandom algorithm. The default value is null, in which case the default SecureRandom would be used.

Parameters:

secureRandomAlgorithm - The SecureRandom algorithm.

setTrustManagerAlgorithm

public void setTrustManagerAlgorithm(java.lang.String trustManagerAlgorithm)

Sets the TrustManager algorithm. The default value is that of the ssl.TrustManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.

Parameters:

trustManagerAlgorithm - The TrustManager algorithm.

setTrustStorePassword

public void setTrustStorePassword(char[] trustStorePassword)

Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:

trustStorePassword - The password of the trust store KeyStore.

setTrustStorePassword

public void setTrustStorePassword(java.lang.String trustStorePassword)

Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.

Parameters:

trustStorePassword - The password of the trust store KeyStore.

setTrustStorePath

public void setTrustStorePath(java.lang.String trustStorePath)

Sets the path to the trust store KeyStore. The default value is that of the javax.net.ssl.trustStore system property.

Parameters:

trustStorePath - The trustStorePath to set

setTrustStoreProvider

public void setTrustStoreProvider(java.lang.String trustStoreProvider)

Sets the name of the trust store provider. The default value is that of the javax.net.ssl.trustStoreProvider system property.

Parameters:

trustStoreProvider - The name of the trust store provider.

setTrustStoreType

public void setTrustStoreType(java.lang.String trustStoreType)

Sets the KeyStore type of the trust store. The default value is that of the javax.net.ssl.trustStoreType system property.

Parameters:

trustStoreType - The KeyStore type of the trust store.

setWantClientAuthentication

public void setWantClientAuthentication(boolean wantClientAuthentication)

Indicates if we would like client certificate authentication. The default value is false.

Parameters:

wantClientAuthentication - True if we would like client certificate authentication.