Class SimpleSSLContextFactory

java.lang.Object
org.kiwiproject.security.SimpleSSLContextFactory

public class SimpleSSLContextFactory extends Object
A "simple" factory class that makes it simpler to create SSLContext instances.

Construct using one of the public constructors or via the builder(). Prefer using the builder, as the constructors may be deprecated (most likely for removal) in the future.

This abstracts the much lower level KiwiSecurity class.

  • Constructor Details

    • SimpleSSLContextFactory

      public SimpleSSLContextFactory(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol)
      Create a new SimpleSSLContextFactory with verifyHostname set to true and "JKS" as the key and trust store type.
      Parameters:
      keyStorePath - path to the key store
      keyStorePassword - password of the key store
      trustStorePath - path to the trust store
      trustStorePassword - password of the trust store
      protocol - the protocol to use
    • SimpleSSLContextFactory

      public SimpleSSLContextFactory(String keyStorePath, String keyStorePassword, String trustStorePath, String trustStorePassword, String protocol, boolean verifyHostname)
      Create a new SimpleSSLContextFactory with "JKS" as the key and trust store type.
      Parameters:
      keyStorePath - path to the key store
      keyStorePassword - password of the key store
      trustStorePath - path to the trust store
      trustStorePassword - password of the trust store
      protocol - the protocol to use
      verifyHostname - whether to verify host names or not
    • SimpleSSLContextFactory

      public SimpleSSLContextFactory(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol, boolean verifyHostname)
      Parameters:
      keyStorePath - path to the key store
      keyStorePassword - password of the key store
      keyStoreType - the keystore type
      trustStorePath - path to the trust store
      trustStorePassword - password of the trust store
      trustStoreType - the trust store type
      protocol - the protocol to use
      verifyHostname - whether to verify host names or not
    • SimpleSSLContextFactory

      public SimpleSSLContextFactory(String keyStorePath, String keyStorePassword, String keyStoreType, String trustStorePath, String trustStorePassword, String trustStoreType, String protocol, boolean verifyHostname, boolean disableSniHostCheck)
      Parameters:
      keyStorePath - path to the key store
      keyStorePassword - password of the key store
      keyStoreType - the keystore type
      trustStorePath - path to the trust store
      trustStorePassword - password of the trust store
      trustStoreType - the trust store type
      protocol - the protocol to use
      verifyHostname - whether to verify host names or not
      disableSniHostCheck - whether to disable SNI host checking
  • Method Details

    • builder

      public static SimpleSSLContextFactory.Builder builder()
      Return a new builder instance.
      Returns:
      new Builder
    • getSslContext

      public SSLContext getSslContext()
      Create or get an SSLContext instance for the key and trust store properties and protocol that this SimpleSSLContextFactory instance was built with.
      Returns:
      a new SSLContext instance when first called; all subsequent calls return the same cached instance
      Implementation Note:
      This is intended to be called infrequently, e.g., once when a service/app starts. It is internally synchronized to ensure thread-safety when creating the SSLContext.
    • configuration

      public Map<String,Object> configuration()
      Get the properties this factory was configured with, including passwords. Callers are responsible for securely handling the result, and not unnecessarily exposing it.
      Returns:
      a map containing the configuration of this factory
      API Note:
      This is publicly exposed, but should not generally be needed except in tests, and perhaps when debugging.
      Implementation Note:
      Uses KiwiMaps.newHashMap(Object...) because some values may be null, e.g., the key store path, and wraps that using Collections.unmodifiableMap(Map) to prevent modification of the returned map.
    • isVerifyHostname

      public boolean isVerifyHostname()
      Returns whether host names should be verified. This value is not strictly needed when creating SSLContext instances. It is here only in case this factory will be supplied to other code that makes HTTPS connections and needs to create SSLContext instances AND also needs to know whether it should perform hostname verification when making HTTPS requests.
    • isDisableSniHostCheck

      public boolean isDisableSniHostCheck()
      Returns whether SNI host checking should be disabled. This value is not strictly needed when creating SSLContext instances. It is here only in case this factory will be supplied to other code that makes HTTPS connections and needs to create SSLContext instances AND also needs to know whether it should perform SNI host checking.
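
The following is an added example, not part of the kiwi documentation: a client that honors isVerifyHostname() on a raw SSLSocket (an SSLContext does not check host names by itself) and masks passwords before logging the map from configuration(). The class name TlsClientExample, the paths, passwords and host are placeholders, and it assumes the password entries in the map have "password" in their key names. It uses a constructor because the constructor signatures are the ones shown on this page.

```java
import java.io.IOException;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.kiwiproject.security.SimpleSSLContextFactory;

public class TlsClientExample {
    // Open a TLS socket that applies the factory's verifyHostname setting.
    static SSLSocket connect(SimpleSSLContextFactory factory, String host, int port) throws IOException {
        // getSslContext() returns the same cached SSLContext after the first call
        SSLSocket socket = (SSLSocket) factory.getSslContext().getSocketFactory().createSocket(host, port);
        try {
            if (factory.isVerifyHostname()) {
                // A raw SSLSocket validates the certificate chain against the trust store,
                // but matches the certificate to the host only when this algorithm is set.
                SSLParameters params = socket.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("HTTPS");
                socket.setSSLParameters(params);
            }
            socket.startHandshake(); // fails here if chain or host name validation fails
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    // Copy of configuration() suitable for logs: password values are masked.
    static Map<String, Object> redactedConfiguration(SimpleSSLContextFactory factory) {
        Map<String, Object> safe = new TreeMap<>(); // TreeMap accepts null values
        factory.configuration().forEach((key, value) -> {
            // Assumption: password entries have "password" in their key name
            boolean secret = key.toLowerCase(Locale.ROOT).contains("password");
            safe.put(key, secret && value != null ? "********" : value);
        });
        return safe;
    }

    public static void main(String[] args) throws IOException {
        // Placeholder paths, passwords and host; verifyHostname defaults to true here
        var factory = new SimpleSSLContextFactory(
                "/path/to/keystore.jks", "keystore-password",
                "/path/to/truststore.jks", "truststore-password", "TLSv1.3");
        System.out.println(redactedConfiguration(factory));
        try (SSLSocket socket = connect(factory, "service.example.test", 443)) {
            System.out.println(socket.getSession().getProtocol());
        }
    }
}
```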