Package org.restlet.engine.ssl

Class DefaultSslContextFactory

  • public class DefaultSslContextFactory
extends SslContextFactory
    This SslContextFactory makes it possible to configure most basic options when building an SSLContext. See the init(Series) method for the list of parameters supported by this factory when configuring your HTTP client or server connector. Here is the list of SSL related parameters that are also supported:
    Parameter name Value type Default value Description
    disabledCipherSuites String null Whitespace-separated list of disabled cipher suites and/or can be specified multiple times. It affects the cipher suites manually enabled or the default ones.
    disabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) null Whitespace-separated list of disabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
    enabledCipherSuites String null Whitespace-separated list of enabled cipher suites and/or can be specified multiple times
    enabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) null Whitespace-separated list of enabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
    keyManagerAlgorithm String System property "ssl.KeyManagerFactory.algorithm" or "SunX509" Certificate algorithm for the key manager.
    keyStorePath String System property "javax.net.ssl.keyStore" or ${user.home}/.keystore SSL keystore path.
    keyStorePassword String System property "javax.net.ssl.keyStorePassword" SSL keystore password.
    keyStoreType String System property javax.net.ssl.keyStoreType or JKS SSL keystore type
    keyPassword String System property "javax.net.ssl.keyStorePassword" SSL key password.
    needClientAuthentication boolean false Indicates if we require client certificate authentication. If set to 'true', the "wantClientAuthentication" parameter is ignored.
    protocol String TLS (see Java Secure Socket Extension (JSSE) reference guide) SSL protocol used when creating the SSLContext.
    secureRandomAlgorithm String null (see java.security.SecureRandom) Name of the RNG algorithm. (see java.security.SecureRandom class)
    trustManagerAlgorithm String System property "ssl.TrustManagerFactory.algorithm" or "SunX509" Certificate algorithm for the trust manager.
    trustStorePassword String System property "javax.net.ssl.trustStorePassword" Trust store password
    trustStorePath String System property "javax.net.ssl.trustStore" Path to trust store
    trustStoreType String System property "javax.net.ssl.trustStoreType" Trust store type
    wantClientAuthentication boolean false Indicates if we would like client certificate authentication. Only taken into account if the "needClientAuthentication" parameter is 'false'.

    In short, two instances of KeyStore are used when configuring an SSLContext: the key store (which contains the public and private keys and certificates to be used locally) and the trust store (which generally holds the CA certificates to be trusted when connecting to a remote host). Both keystore and trust store are KeyStores. When not explicitly set using the setters of this class, the values will default to the default system properties, following the behavior described in the JSSE reference guide.

    There is more information in the JSSE Reference Guide.

    See Also:
    SSLContext, KeyStore, JSSE Reference - Standard names

    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.lang.String[] disabledCipherSuites
      The whitespace-separated list of disabled cipher suites.
      private java.lang.String[] disabledProtocols
      The whitespace-separated list of disabled SSL protocols.
      private java.lang.String[] enabledCipherSuites
      The whitespace-separated list of enabled cipher suites.
      private java.lang.String[] enabledProtocols
      The whitespace-separated list of enabled SSL protocols.
      private java.lang.String keyManagerAlgorithm
      The name of the KeyManager algorithm.
      private char[] keyStoreKeyPassword
      The password for the key in the keystore (as a String).
      private char[] keyStorePassword
      The password for the keystore (as a String).
      private java.lang.String keyStorePath
      The path to the KeyStore file.
      private java.lang.String keyStoreProvider
      The name of the keystore provider.
      private java.lang.String keyStoreType
      The keyStore type of the keystore.
      private boolean needClientAuthentication
      Indicates if we require client certificate authentication.
      private java.lang.String protocol
      The standard name of the protocol to use when creating the SSLContext.
      private java.lang.String secureRandomAlgorithm
      The name of the SecureRandom algorithm.
      private java.lang.String trustManagerAlgorithm
      The name of the TrustManager algorithm.
      private char[] trustStorePassword
      The password for the trust store keystore.
      private java.lang.String trustStorePath
      The path to the trust store (keystore) file.
      private java.lang.String trustStoreProvider
      The name of the trust store (keystore) provider.
      private java.lang.String trustStoreType
      The KeyStore type of the trust store.
      private boolean wantClientAuthentication
      Indicates if we would like client certificate authentication.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected DefaultSslContextFactory clone()
      This class is likely to contain sensitive information; cloning is therefore not allowed.
      javax.net.ssl.SSLContext createSslContext()
      Creates a configured and initialized SSLContext from the values set via the various setters of this class.
      protected javax.net.ssl.SSLContext createWrapper​(javax.net.ssl.SSLContext sslContext)
      Creates a new SSLContext wrapper.
      java.lang.String[] getDisabledCipherSuites()
      Returns the whitespace-separated list of disabled cipher suites.
      java.lang.String[] getDisabledProtocols()
      Returns the whitespace-separated list of disabled SSL protocols.
      java.lang.String[] getEnabledCipherSuites()
      Returns the whitespace-separated list of enabled cipher suites.
      java.lang.String[] getEnabledProtocols()
      Returns the whitespace-separated list of enabled SSL protocols.
      java.lang.String getKeyManagerAlgorithm()
      Returns the name of the KeyManager algorithm.
      char[] getKeyStoreKeyPassword()
      Returns the password for the key in the keystore (as a String).
      char[] getKeyStorePassword()
      Returns the password for the keystore (as a String).
      java.lang.String getKeyStorePath()
      Returns the path to the KeyStore file.
      java.lang.String getKeyStoreProvider()
      Returns the name of the keystore provider.
      java.lang.String getKeyStoreType()
      Returns the keyStore type of the keystore.
      java.lang.String getProtocol()
      Returns the secure socket protocol name, "TLS" by default.
      java.lang.String getSecureRandomAlgorithm()
      Returns the name of the SecureRandom algorithm.
      java.lang.String[] getSelectedCipherSuites​(java.lang.String[] supportedCipherSuites)
      Returns the selected cipher suites.
      java.lang.String[] getSelectedSslProtocols​(java.lang.String[] supportedProtocols)
      Returns the selected SSL protocols.
      java.lang.String getTrustManagerAlgorithm()
      Returns the name of the TrustManager algorithm.
      char[] getTrustStorePassword()
      Returns the password for the trust store keystore.
      java.lang.String getTrustStorePath()
      Returns the path to the trust store (keystore) file.
      java.lang.String getTrustStoreProvider()
      Returns the name of the trust store (keystore) provider.
      java.lang.String getTrustStoreType()
      Returns the KeyStore type of the trust store.
      void init​(Series<Parameter> helperParameters)
      Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters.
      boolean isNeedClientAuthentication()
      Indicates if we require client certificate authentication.
      boolean isWantClientAuthentication()
      Indicates if we would like client certificate authentication.
      void setDisabledCipherSuites​(java.lang.String[] disabledCipherSuites)
      Sets the whitespace-separated list of disabled cipher suites.
      void setDisabledProtocols​(java.lang.String[] disabledProtocols)
      Sets the whitespace-separated list of disabled SSL protocols.
      void setEnabledCipherSuites​(java.lang.String[] enabledCipherSuites)
      Sets the whitespace-separated list of enabled cipher suites.
      void setEnabledProtocols​(java.lang.String[] enabledProtocols)
      Sets the standard name of the protocols to use when creating the SSL sockets or engines.
      void setKeyManagerAlgorithm​(java.lang.String keyManagerAlgorithm)
      Sets the KeyManager algorithm.
      void setKeyStoreKeyPassword​(char[] keyStoreKeyPassword)
      Sets the password of the key in the keystore.
      void setKeyStoreKeyPassword​(java.lang.String keyStoreKeyPassword)
      Sets the password of the key in the keystore.
      void setKeyStorePassword​(char[] keyStorePassword)
      Sets the keystore password.
      void setKeyStorePassword​(java.lang.String keyStorePassword)
      Sets the keystore password.
      void setKeyStorePath​(java.lang.String keyStorePath)
      Sets the path to the keystore file.
      void setKeyStoreProvider​(java.lang.String keyStoreProvider)
      Sets the name of the keystore provider.
      void setKeyStoreType​(java.lang.String keyStoreType)
      Sets the KeyStore type of the keystore.
      void setNeedClientAuthentication​(boolean needClientAuthentication)
      Indicates if we require client certificate authentication.
      void setProtocol​(java.lang.String protocol)
      Sets the secure socket protocol name, "TLS" by default.
      void setSecureRandomAlgorithm​(java.lang.String secureRandomAlgorithm)
      Sets the SecureRandom algorithm.
      void setTrustManagerAlgorithm​(java.lang.String trustManagerAlgorithm)
      Sets the TrustManager algorithm.
      void setTrustStorePassword​(char[] trustStorePassword)
      Sets the password of the trust store KeyStore.
      void setTrustStorePassword​(java.lang.String trustStorePassword)
      Sets the password of the trust store KeyStore.
      void setTrustStorePath​(java.lang.String trustStorePath)
      Sets the path to the trust store KeyStore.
      void setTrustStoreProvider​(java.lang.String trustStoreProvider)
      Sets the name of the trust store provider.
      void setTrustStoreType​(java.lang.String trustStoreType)
      Sets the KeyStore type of the trust store.
      void setWantClientAuthentication​(boolean wantClientAuthentication)
      Indicates if we would like client certificate authentication.

      • Methods inherited from class java.lang.Object

        equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • disabledCipherSuites

        private volatile java.lang.String[] disabledCipherSuites
        The whitespace-separated list of disabled cipher suites.

      • disabledProtocols

        private volatile java.lang.String[] disabledProtocols
        The whitespace-separated list of disabled SSL protocols.

      • enabledCipherSuites

        private volatile java.lang.String[] enabledCipherSuites
        The whitespace-separated list of enabled cipher suites.

      • enabledProtocols

        private volatile java.lang.String[] enabledProtocols
        The whitespace-separated list of enabled SSL protocols.

      • keyManagerAlgorithm

        private volatile java.lang.String keyManagerAlgorithm
        The name of the KeyManager algorithm.

      • keyStoreKeyPassword

        private volatile char[] keyStoreKeyPassword
        The password for the key in the keystore (as a String).

      • keyStorePassword

        private volatile char[] keyStorePassword
        The password for the keystore (as a String).

      • keyStorePath

        private volatile java.lang.String keyStorePath
        The path to the KeyStore file.

      • keyStoreProvider

        private volatile java.lang.String keyStoreProvider
        The name of the keystore provider.

      • keyStoreType

        private volatile java.lang.String keyStoreType
        The keyStore type of the keystore.

      • needClientAuthentication

        private volatile boolean needClientAuthentication
        Indicates if we require client certificate authentication.

      • protocol

        private volatile java.lang.String protocol
        The standard name of the protocol to use when creating the SSLContext.

      • secureRandomAlgorithm

        private volatile java.lang.String secureRandomAlgorithm
        The name of the SecureRandom algorithm.

      • trustManagerAlgorithm

        private volatile java.lang.String trustManagerAlgorithm
        The name of the TrustManager algorithm.

      • trustStorePassword

        private volatile char[] trustStorePassword
        The password for the trust store keystore.

      • trustStorePath

        private volatile java.lang.String trustStorePath
        The path to the trust store (keystore) file.

      • trustStoreProvider

        private volatile java.lang.String trustStoreProvider
        The name of the trust store (keystore) provider.

      • trustStoreType

        private volatile java.lang.String trustStoreType
        The KeyStore type of the trust store.

      • wantClientAuthentication

        private volatile boolean wantClientAuthentication
        Indicates if we would like client certificate authentication.

    • Constructor Detail

      • DefaultSslContextFactory

        public DefaultSslContextFactory()

    • Method Detail

      • clone

        protected final DefaultSslContextFactory clone()
                                        throws java.lang.CloneNotSupportedException
        This class is likely to contain sensitive information; cloning is therefore not allowed.
        Overrides:
        clone in class java.lang.Object
        Throws:
        java.lang.CloneNotSupportedException

      • createSslContext

        public javax.net.ssl.SSLContext createSslContext()
                                          throws java.lang.Exception
        Creates a configured and initialized SSLContext from the values set via the various setters of this class. If keyStorePath, keyStoreProvider, keyStoreType are all null, the SSLContext will be initialized with a null array of KeyManagers. Similarly, if trustStorePath, trustStoreProvider, trustStoreType are all null, a null array of TrustManagers will be used.
        Specified by:
        createSslContext in class SslContextFactory
        Returns:
        A configured and initialized SSLContext.
        Throws:
        java.lang.Exception
        See Also:
        SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

      • createWrapper

        protected javax.net.ssl.SSLContext createWrapper​(javax.net.ssl.SSLContext sslContext)
        Creates a new SSLContext wrapper. Necessary to properly initialize the SSLEngine or SSLSocketFactory or SSLServerSocketFactory created.
        Parameters:
        sslContext - The SSL context to wrap.
        Returns:
        The SSL context wrapper.

      • getDisabledCipherSuites

        public java.lang.String[] getDisabledCipherSuites()
        Returns the whitespace-separated list of disabled cipher suites.
        Returns:
        The whitespace-separated list of disabled cipher suites.

      • getDisabledProtocols

        public java.lang.String[] getDisabledProtocols()
        Returns the whitespace-separated list of disabled SSL protocols.
        Returns:
        The whitespace-separated list of disabled SSL protocols.

      • getEnabledCipherSuites

        public java.lang.String[] getEnabledCipherSuites()
        Returns the whitespace-separated list of enabled cipher suites.
        Returns:
        The whitespace-separated list of enabled cipher suites.

      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns the whitespace-separated list of enabled SSL protocols.
        Returns:
        The whitespace-separated list of enabled SSL protocols.

      • getKeyManagerAlgorithm

        public java.lang.String getKeyManagerAlgorithm()
        Returns the name of the KeyManager algorithm.
        Returns:
        The name of the KeyManager algorithm.

      • getKeyStoreKeyPassword

        public char[] getKeyStoreKeyPassword()
        Returns the password for the key in the keystore (as a String).
        Returns:
        The password for the key in the keystore (as a String).

      • getKeyStorePassword

        public char[] getKeyStorePassword()
        Returns the password for the keystore (as a String).
        Returns:
        The password for the keystore (as a String).

      • getKeyStorePath

        public java.lang.String getKeyStorePath()
        Returns the path to the KeyStore file.
        Returns:
        The path to the KeyStore file.

      • getKeyStoreProvider

        public java.lang.String getKeyStoreProvider()
        Returns the name of the keystore provider.
        Returns:
        The name of the keystore provider.

      • getKeyStoreType

        public java.lang.String getKeyStoreType()
        Returns the keyStore type of the keystore.
        Returns:
        The keyStore type of the keystore.

      • getProtocol

        public java.lang.String getProtocol()
        Returns the secure socket protocol name, "TLS" by default.
        Returns:
        The secure socket protocol.

      • getSecureRandomAlgorithm

        public java.lang.String getSecureRandomAlgorithm()
        Returns the name of the SecureRandom algorithm.
        Returns:
        The name of the SecureRandom algorithm.

      • getSelectedCipherSuites

        public java.lang.String[] getSelectedCipherSuites​(java.lang.String[] supportedCipherSuites)
        Returns the selected cipher suites. The selection is the subset of supported suites that are both in the enable suites and out of the disabled suites.
        Parameters:
        supportedCipherSuites - The initial cipher suites to restrict.
        Returns:
        The selected cipher suites.

      • getSelectedSslProtocols

        public java.lang.String[] getSelectedSslProtocols​(java.lang.String[] supportedProtocols)
        Returns the selected SSL protocols. The selection is the subset of supported protocols whose name starts with the name of of getEnabledProtocols() name.
        Parameters:
        supportedProtocols - The selected SSL protocols.
        Returns:
        The selected SSL protocols.

      • getTrustManagerAlgorithm

        public java.lang.String getTrustManagerAlgorithm()
        Returns the name of the TrustManager algorithm.
        Returns:
        The name of the TrustManager algorithm.

      • getTrustStorePassword

        public char[] getTrustStorePassword()
        Returns the password for the trust store keystore.
        Returns:
        The password for the trust store keystore.

      • getTrustStorePath

        public java.lang.String getTrustStorePath()
        Returns the path to the trust store (keystore) file.
        Returns:
        The path to the trust store (keystore) file.

      • getTrustStoreProvider

        public java.lang.String getTrustStoreProvider()
        Returns the name of the trust store (keystore) provider.
        Returns:
        The name of the trust store (keystore) provider.

      • getTrustStoreType

        public java.lang.String getTrustStoreType()
        Returns the KeyStore type of the trust store.
        Returns:
        The KeyStore type of the trust store.

      • init

        public void init​(Series<Parameter> helperParameters)
        Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters. See class Javadocs for the list of parameters supported.
        Specified by:
        init in class SslContextFactory
        Parameters:
        helperParameters - Typically, the parameters that would have been obtained from HttpsServerHelper.getParameters()

      • isNeedClientAuthentication

        public boolean isNeedClientAuthentication()
        Indicates if we require client certificate authentication.
        Returns:
        True if we require client certificate authentication.

      • isWantClientAuthentication

        public boolean isWantClientAuthentication()
        Indicates if we would like client certificate authentication.
        Returns:
        True if we would like client certificate authentication.

      • setDisabledCipherSuites

        public void setDisabledCipherSuites​(java.lang.String[] disabledCipherSuites)
        Sets the whitespace-separated list of disabled cipher suites.
        Parameters:
        disabledCipherSuites - The whitespace-separated list of disabled cipher suites.

      • setDisabledProtocols

        public void setDisabledProtocols​(java.lang.String[] disabledProtocols)
        Sets the whitespace-separated list of disabled SSL protocols.
        Parameters:
        disabledProtocols - The whitespace-separated list of disabled SSL protocols.

      • setEnabledCipherSuites

        public void setEnabledCipherSuites​(java.lang.String[] enabledCipherSuites)
        Sets the whitespace-separated list of enabled cipher suites.
        Parameters:
        enabledCipherSuites - The whitespace-separated list of enabled cipher suites.

      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] enabledProtocols)
        Sets the standard name of the protocols to use when creating the SSL sockets or engines.
        Parameters:
        enabledProtocols - The standard name of the protocols to use when creating the SSL sockets or engines.

      • setKeyManagerAlgorithm

        public void setKeyManagerAlgorithm​(java.lang.String keyManagerAlgorithm)
        Sets the KeyManager algorithm. The default value is that of the ssl.KeyManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.
        Parameters:
        keyManagerAlgorithm - The KeyManager algorithm.

      • setKeyStoreKeyPassword

        public void setKeyStoreKeyPassword​(char[] keyStoreKeyPassword)
        Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.
        Parameters:
        keyStoreKeyPassword - The password of the key in the keystore.

      • setKeyStoreKeyPassword

        public void setKeyStoreKeyPassword​(java.lang.String keyStoreKeyPassword)
        Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.
        Parameters:
        keyStoreKeyPassword - The password of the key in the keystore.

      • setKeyStorePassword

        public void setKeyStorePassword​(char[] keyStorePassword)
        Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.
        Parameters:
        keyStorePassword - Sets the keystore password.

      • setKeyStorePassword

        public void setKeyStorePassword​(java.lang.String keyStorePassword)
        Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.
        Parameters:
        keyStorePassword - Sets the keystore password.

      • setKeyStorePath

        public void setKeyStorePath​(java.lang.String keyStorePath)
        Sets the path to the keystore file. The default value is that of the javax.net.ssl.keyStore system property.
        Parameters:
        keyStorePath - The path to the keystore file.

      • setKeyStoreProvider

        public void setKeyStoreProvider​(java.lang.String keyStoreProvider)
        Sets the name of the keystore provider. The default value is that of the javax.net.ssl.keyStoreProvider system property.
        Parameters:
        keyStoreProvider - The name of the keystore provider.

      • setKeyStoreType

        public void setKeyStoreType​(java.lang.String keyStoreType)
        Sets the KeyStore type of the keystore. The default value is that of the javax.net.ssl.keyStoreType system property.
        Parameters:
        keyStoreType - The KeyStore type of the keystore.

      • setNeedClientAuthentication

        public void setNeedClientAuthentication​(boolean needClientAuthentication)
        Indicates if we require client certificate authentication. The default value is false.
        Parameters:
        needClientAuthentication - True if we require client certificate authentication.

      • setProtocol

        public void setProtocol​(java.lang.String protocol)
        Sets the secure socket protocol name, "TLS" by default.
        Parameters:
        protocol - Name of the secure socket protocol to use.

      • setSecureRandomAlgorithm

        public void setSecureRandomAlgorithm​(java.lang.String secureRandomAlgorithm)
        Sets the SecureRandom algorithm. The default value is null, in which case the default SecureRandom would be used.
        Parameters:
        secureRandomAlgorithm - The SecureRandom algorithm.

      • setTrustManagerAlgorithm

        public void setTrustManagerAlgorithm​(java.lang.String trustManagerAlgorithm)
        Sets the TrustManager algorithm. The default value is that of the ssl.TrustManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.
        Parameters:
        trustManagerAlgorithm - The TrustManager algorithm.

      • setTrustStorePassword

        public void setTrustStorePassword​(char[] trustStorePassword)
        Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.
        Parameters:
        trustStorePassword - The password of the trust store KeyStore.

      • setTrustStorePassword

        public void setTrustStorePassword​(java.lang.String trustStorePassword)
        Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.
        Parameters:
        trustStorePassword - The password of the trust store KeyStore.

      • setTrustStorePath

        public void setTrustStorePath​(java.lang.String trustStorePath)
        Sets the path to the trust store KeyStore. The default value is that of the javax.net.ssl.trustStore system property.
        Parameters:
        trustStorePath - The trustStorePath to set

      • setTrustStoreProvider

        public void setTrustStoreProvider​(java.lang.String trustStoreProvider)
        Sets the name of the trust store provider. The default value is that of the javax.net.ssl.trustStoreProvider system property.
        Parameters:
        trustStoreProvider - The name of the trust store provider.

      • setTrustStoreType

        public void setTrustStoreType​(java.lang.String trustStoreType)
        Sets the KeyStore type of the trust store. The default value is that of the javax.net.ssl.trustStoreType system property.
        Parameters:
        trustStoreType - The KeyStore type of the trust store.

      • setWantClientAuthentication

        public void setWantClientAuthentication​(boolean wantClientAuthentication)
        Indicates if we would like client certificate authentication. The default value is false.
        Parameters:
        wantClientAuthentication - True if we would like client certificate authentication.