2.17.2: 2011-06-17 | ||||||||
java.lang.Object net.sf.basedb.util.ssl.SSLUtil
public class SSLUtil
Utility class for working with SSL connections.
Field Summary | |
---|---|
private static KeyManager[] |
defaultKeyManagers
|
private static org.apache.http.conn.ssl.SSLSocketFactory |
defaultSocketFactory
|
private static TrustManager[] |
defaultTrustManagers
|
Constructor Summary | |
---|---|
SSLUtil()
|
Method Summary | |
---|---|
private static KeyManager[] |
createKeyManagers(KeyStore keyStore,
String password,
String provider,
String algorithm)
|
static KeyStore |
createKeyStore(InputStream store,
String password,
String type,
String provider)
Create a key-store from the given input stream |
private static TrustManager[] |
createTrustManagers(KeyStore keyStore,
String provider,
String algorithm)
|
static Certificate |
getCertificate(InputStream cert,
String type,
String provider)
Get the certificate that is found in the given input stream. |
private static KeyManager[] |
getDefaultKeyManagers()
Get the default key managers as configured in the base.config file by ssl.keystore.* settings. |
private static TrustManager[] |
getDefaultTrustManagers()
Get the default trust managers as configured in the base.config file by ssl.truststore.* settings. |
static org.apache.http.conn.ssl.SSLSocketFactory |
getSSLSocketFactory()
Get a SSL Socket Factory object that is used to create SSL sockets. |
static org.apache.http.conn.ssl.SSLSocketFactory |
getSSLSocketFactory(byte[] serverCertificate,
byte[] clientCertificate,
String clientCertificatePassword)
Create a SSL socket factory that optionally uses the given trusted server certificate and client certificate. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private static KeyManager[] defaultKeyManagers
private static TrustManager[] defaultTrustManagers
private static org.apache.http.conn.ssl.SSLSocketFactory defaultSocketFactory
Constructor Detail |
---|
public SSLUtil()
Method Detail |
---|
public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
```java
URL u = ... // A https url
URLConnection conn = u.openConnection();
if (conn instanceof HttpsURLConnection)
{
  ((HttpsURLConnection)conn).setSSLSocketFactory(SSLUtil.getSSLSocketFactory());
}
```
Unless a key-store and/or trust-store has been configured this method returns a default socket factory provided by HttpsURLConnection.getDefaultSSLSocketFactory().
A key-store is used to store personal certificates that are used for authentication with the server. A key-store can be set up with the following configuration options in base.config.
A trust-store is used to store public certificates of servers that are trusted. The default trust-store uses the certificates that are shipped with the Java runtime in $JAVA_HOME/jre/lib/security/cacerts. A trust-store can be set up with the following configuration options in base.config.
public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory(byte[] serverCertificate, byte[] clientCertificate, String clientCertificatePassword)
getSSLSocketFactory()
is returned.
serverCertificate - The trusted server certificate data or null to use the default trusted certificates (see getSSLSocketFactory()). The data must represent a X.509 certificate in binary or base64-encoded DER format
clientCertificate - The client certificate to use for authorization with the server or null to use the default certificates. The data must represent a PKCS #12 certificate in binary form
clientCertificatePassword - A password used to unlock the client certificate
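The following is an added example, not BASE's own code: one way to build a socket factory that trusts a single X.509 server certificate and authenticates with a PKCS #12 client certificate, using only JDK (JSSE) classes. The class name `PinnedSslExample`, the method `build`, and its parameter names are assumptions, and it returns a `javax.net.ssl.SSLSocketFactory` rather than the Apache HttpClient type in the signature above.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

// Added illustration using only JDK classes; names are hypothetical, not part of BASE.
public class PinnedSslExample {

    /** Either byte[] argument may be null, meaning "use the JSSE defaults" for that side. */
    public static SSLSocketFactory build(byte[] serverCert, byte[] clientP12, char[] p12Password)
            throws Exception {
        TrustManager[] trust = null;   // null => JSSE default trust store
        if (serverCert != null) {
            // CertificateFactory reads X.509 in binary DER or base64 (PEM) form
            Certificate cert = CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(serverCert));
            KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
            ts.load(null, null);                      // start from an empty store
            ts.setCertificateEntry("server", cert);   // trust only this certificate
            TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts);
            trust = tmf.getTrustManagers();
        }
        KeyManager[] keys = null;      // null => provider default key managers
        if (clientP12 != null) {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(clientP12), p12Password);
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, p12Password);                // unlocks the private key entry
            keys = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keys, trust, null);   // null SecureRandom => platform default
        return ctx.getSocketFactory();
    }
}
```

Supplying a server certificate replaces the default CA set for that factory, so connections fail once the server rotates to a certificate that is not in the store. Hostname verification is a separate check performed by the HTTPS client and is not changed by the socket factory.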
private static TrustManager[] getDefaultTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException
private static KeyManager[] getDefaultKeyManagers() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
IOException
public static KeyStore createKeyStore(InputStream store, String password, String type, String provider) throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, IOException
store - The stream with key-store data
password - The password to unlock the keystore
KeyStoreException
NoSuchProviderException
NoSuchAlgorithmException
CertificateException
IOException
public static Certificate getCertificate(InputStream cert, String type, String provider) throws CertificateException, NoSuchProviderException
cert - The stream with the certificate information
type - The type of the certificate, usually "X.509"
X509Certificate
CertificateException
NoSuchProviderException
private static KeyManager[] createKeyManagers(KeyStore keyStore, String password, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException, NoSuchProviderException
KeyStoreException
NoSuchAlgorithmException
CertificateException
IOException
UnrecoverableKeyException
NoSuchProviderException
private static TrustManager[] createTrustManagers(KeyStore keyStore, String provider, String algorithm) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, NoSuchProviderException
KeyStoreException
NoSuchAlgorithmException
CertificateException
IOException
NoSuchProviderException