Package org.restlet.engine.ssl

Class DefaultSslContextFactory

java.lang.Object
org.restlet.engine.ssl.SslContextFactory
org.restlet.engine.ssl.DefaultSslContextFactory
public class DefaultSslContextFactory extends SslContextFactory
This SslContextFactory makes it possible to configure most basic options when building an SSLContext. See the init(Series) method for the list of parameters supported by this factory when configuring your HTTP client or server connector. Here is the list of SSL related parameters that are also supported:
list of supported parameters
Parameter name Value type Default value Description
disabledCipherSuites String null Whitespace-separated list of disabled cipher suites and/or can be specified multiple times. It affects the cipher suites manually enabled or the default ones.
disabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) null Whitespace-separated list of disabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
enabledCipherSuites String null Whitespace-separated list of enabled cipher suites and/or can be specified multiple times
enabledProtocols String (see Java Secure Socket Extension (JSSE) reference guide) null Whitespace-separated list of enabled SSL/TLS protocol names and/or can be specified multiple times. Used when creating SSL sockets and engines.
keyManagerAlgorithm String System property "ssl.KeyManagerFactory.algorithm" or "SunX509" Certificate algorithm for the key manager.
keyStorePath String System property "javax.net.ssl.keyStore" or ${user.home}/.keystore SSL keystore path.
keyStorePassword String System property "javax.net.ssl.keyStorePassword" SSL keystore password.
keyStoreType String System property javax.net.ssl.keyStoreType or JKS SSL keystore type
keyPassword String System property "javax.net.ssl.keyStorePassword" SSL key password.
needClientAuthentication boolean false Indicates if we require client certificate authentication. If set to 'true', the "wantClientAuthentication" parameter is ignored.
protocol String TLS (see Java Secure Socket Extension (JSSE) reference guide) SSL protocol used when creating the SSLContext.
secureRandomAlgorithm String null (see java.security.SecureRandom) Name of the RNG algorithm. (see java.security.SecureRandom class)
trustManagerAlgorithm String System property "ssl.TrustManagerFactory.algorithm" or "SunX509" Certificate algorithm for the trust manager.
trustStorePassword String System property "javax.net.ssl.trustStorePassword" Trust store password
trustStorePath String System property "javax.net.ssl.trustStore" Path to trust store
trustStoreType String System property "javax.net.ssl.trustStoreType" Trust store type
wantClientAuthentication boolean false Indicates if we would like client certificate authentication. Only taken into account if the "needClientAuthentication" parameter is 'false'.

In short, two instances of KeyStore are used when configuring an SSLContext: the key store (which contains the public and private keys and certificates to be used locally) and the trust store (which generally holds the CA certificates to be trusted when connecting to a remote host). Both keystore and trust store are KeyStores. When not explicitly set using the setters of this class, the values will default to the default system properties, following the behavior described in the JSSE reference guide.

There is more information in the JSSE Reference Guide.

Author:
Bruno Harbulot
See Also:

  • Constructor Details

    • DefaultSslContextFactory

      public DefaultSslContextFactory()

  • Method Details

    • clone

      protected final DefaultSslContextFactory clone() throws CloneNotSupportedException
      This class is likely to contain sensitive information; cloning is therefore not allowed.
      Overrides:
      clone in class Object
      Throws:
      CloneNotSupportedException

    • createSslContext

      public SSLContext createSslContext() throws Exception
      Creates a configured and initialized SSLContext from the values set via the various setters of this class. If keyStorePath, keyStoreProvider, keyStoreType are all null, the SSLContext will be initialized with a null array of KeyManagers. Similarly, if trustStorePath, trustStoreProvider, trustStoreType are all null, a null array of TrustManagers will be used.
      Specified by:
      createSslContext in class SslContextFactory
      Returns:
      A configured and initialized SSLContext.
      Throws:
      Exception
      See Also:

    • createWrapper

      protected SSLContext createWrapper(SSLContext sslContext)
      Creates a new SSLContext wrapper. Necessary to properly initialize the SSLEngine or SSLSocketFactory or SSLServerSocketFactory created.
      Parameters:
      sslContext - The SSL context to wrap.
      Returns:
      The SSL context wrapper.

    • getDisabledCipherSuites

      public String[] getDisabledCipherSuites()
      Returns the whitespace-separated list of disabled cipher suites.
      Returns:
      The whitespace-separated list of disabled cipher suites.

    • getDisabledProtocols

      public String[] getDisabledProtocols()
      Returns the whitespace-separated list of disabled SSL protocols.
      Returns:
      The whitespace-separated list of disabled SSL protocols.

    • getEnabledCipherSuites

      public String[] getEnabledCipherSuites()
      Returns the whitespace-separated list of enabled cipher suites.
      Returns:
      The whitespace-separated list of enabled cipher suites.

    • getEnabledProtocols

      public String[] getEnabledProtocols()
      Returns the whitespace-separated list of enabled SSL protocols.
      Returns:
      The whitespace-separated list of enabled SSL protocols.

    • getKeyManagerAlgorithm

      public String getKeyManagerAlgorithm()
      Returns the name of the KeyManager algorithm.
      Returns:
      The name of the KeyManager algorithm.

    • getKeyStoreKeyPassword

      public char[] getKeyStoreKeyPassword()
      Returns the password for the key in the keystore (as a String).
      Returns:
      The password for the key in the keystore (as a String).

    • getKeyStorePassword

      public char[] getKeyStorePassword()
      Returns the password for the keystore (as a String).
      Returns:
      The password for the keystore (as a String).

    • getKeyStorePath

      public String getKeyStorePath()
      Returns the path to the KeyStore file.
      Returns:
      The path to the KeyStore file.

    • getKeyStoreProvider

      public String getKeyStoreProvider()
      Returns the name of the keystore provider.
      Returns:
      The name of the keystore provider.

    • getKeyStoreType

      public String getKeyStoreType()
      Returns the keyStore type of the keystore.
      Returns:
      The keyStore type of the keystore.

    • getProtocol

      public String getProtocol()
      Returns the secure socket protocol name, "TLS" by default.
      Returns:
      The secure socket protocol.

    • getSecureRandomAlgorithm

      public String getSecureRandomAlgorithm()
      Returns the name of the SecureRandom algorithm.
      Returns:
      The name of the SecureRandom algorithm.

    • getSelectedCipherSuites

      public String[] getSelectedCipherSuites(String[] supportedCipherSuites)
      Returns the selected cipher suites. The selection is the subset of supported suites that are both in the enabled suites and out of the disabled suites.
      Parameters:
      supportedCipherSuites - The initial cipher suites to restrict.
      Returns:
      The selected cipher suites.

    • getSelectedSslProtocols

      public String[] getSelectedSslProtocols(String[] supportedProtocols)
      Returns the selected SSL protocols. The selection is the subset of supported protocols whose name starts with the name of getEnabledProtocols() name.
      Parameters:
      supportedProtocols - The selected SSL protocols.
      Returns:
      The selected SSL protocols.

    • getTrustManagerAlgorithm

      public String getTrustManagerAlgorithm()
      Returns the name of the TrustManager algorithm.
      Returns:
      The name of the TrustManager algorithm.

    • getTrustStorePassword

      public char[] getTrustStorePassword()
      Returns the password for the trust store keystore.
      Returns:
      The password for the trust store keystore.

    • getTrustStorePath

      public String getTrustStorePath()
      Returns the path to the trust store (keystore) file.
      Returns:
      The path to the trust store (keystore) file.

    • getTrustStoreProvider

      public String getTrustStoreProvider()
      Returns the name of the trust store (keystore) provider.
      Returns:
      The name of the trust store (keystore) provider.

    • getTrustStoreType

      public String getTrustStoreType()
      Returns the KeyStore type of the trust store.
      Returns:
      The KeyStore type of the trust store.

    • init

      public void init(Series<Parameter> helperParameters)
      Sets the following options according to parameters that may have been set up directly in the HttpsClientHelper or HttpsServerHelper parameters. See class Javadocs for the list of parameters supported.
      Specified by:
      init in class SslContextFactory
      Parameters:
      helperParameters - Typically, the parameters that would have been obtained from HttpsServerHelper.getParameters()

    • isNeedClientAuthentication

      public boolean isNeedClientAuthentication()
      Indicates if we require client certificate authentication.
      Returns:
      True if we require client certificate authentication.

    • isWantClientAuthentication

      public boolean isWantClientAuthentication()
      Indicates if we would like client certificate authentication.
      Returns:
      True if we would like client certificate authentication.

    • loadKeyStore

      protected KeyStore loadKeyStore(String path, String provider, String type, char[] password) throws Exception
      Loads a keystore according to its file path, type and password.
      Parameters:
      path - The file path of the keystore.
      provider - The name of the keystore provider.
      type - The keystore type of the keystore.
      password - the optional password of the keystore.
      Returns:
      a keystore.
      Throws:
      Exception

    • setDisabledCipherSuites

      public void setDisabledCipherSuites(String[] disabledCipherSuites)
      Sets the whitespace-separated list of disabled cipher suites.
      Parameters:
      disabledCipherSuites - The whitespace-separated list of disabled cipher suites.

    • setDisabledProtocols

      public void setDisabledProtocols(String[] disabledProtocols)
      Sets the whitespace-separated list of disabled SSL protocols.
      Parameters:
      disabledProtocols - The whitespace-separated list of disabled SSL protocols.

    • setEnabledCipherSuites

      public void setEnabledCipherSuites(String[] enabledCipherSuites)
      Sets the whitespace-separated list of enabled cipher suites.
      Parameters:
      enabledCipherSuites - The whitespace-separated list of enabled cipher suites.

    • setEnabledProtocols

      public void setEnabledProtocols(String[] enabledProtocols)
      Sets the standard name of the protocols to use when creating the SSL sockets or engines.
      Parameters:
      enabledProtocols - The standard name of the protocols to use when creating the SSL sockets or engines.

    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
      Sets the KeyManager algorithm. The default value is that of the ssl.KeyManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.
      Parameters:
      keyManagerAlgorithm - The KeyManager algorithm.

    • setKeyStoreKeyPassword

      public void setKeyStoreKeyPassword(char[] keyStoreKeyPassword)
      Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.
      Parameters:
      keyStoreKeyPassword - The password of the key in the keystore.

    • setKeyStoreKeyPassword

      public void setKeyStoreKeyPassword(String keyStoreKeyPassword)
      Sets the password of the key in the keystore. The default value is that of the javax.net.ssl.keyPassword system property, falling back to javax.net.ssl.keyStorePassword. This system property name is not standard.
      Parameters:
      keyStoreKeyPassword - The password of the key in the keystore.

    • setKeyStorePassword

      public void setKeyStorePassword(char[] keyStorePassword)
      Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.
      Parameters:
      keyStorePassword - Sets the keystore password.

    • setKeyStorePassword

      public void setKeyStorePassword(String keyStorePassword)
      Sets the keystore password. The default value is that of the javax.net.ssl.keyStorePassword system property.
      Parameters:
      keyStorePassword - Sets the keystore password.

    • setKeyStorePath

      public void setKeyStorePath(String keyStorePath)
      Sets the path to the keystore file. The default value is that of the javax.net.ssl.keyStore system property.
      Parameters:
      keyStorePath - The path to the keystore file.

    • setKeyStoreProvider

      public void setKeyStoreProvider(String keyStoreProvider)
      Sets the name of the keystore provider. The default value is that of the javax.net.ssl.keyStoreProvider system property.
      Parameters:
      keyStoreProvider - The name of the keystore provider.

    • setKeyStoreType

      public void setKeyStoreType(String keyStoreType)
      Sets the KeyStore type of the keystore. The default value is that of the javax.net.ssl.keyStoreType system property.
      Parameters:
      keyStoreType - The KeyStore type of the keystore.

    • setNeedClientAuthentication

      public void setNeedClientAuthentication(boolean needClientAuthentication)
      Indicates if we require client certificate authentication. The default value is false.
      Parameters:
      needClientAuthentication - True if we require client certificate authentication.

    • setProtocol

      public void setProtocol(String protocol)
      Sets the secure socket protocol name, "TLS" by default.
      Parameters:
      protocol - Name of the secure socket protocol to use.

    • setSecureRandomAlgorithm

      public void setSecureRandomAlgorithm(String secureRandomAlgorithm)
      Sets the SecureRandom algorithm. The default value is null, in which case the default SecureRandom would be used.
      Parameters:
      secureRandomAlgorithm - The SecureRandom algorithm.

    • setTrustManagerAlgorithm

      public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
      Sets the TrustManager algorithm. The default value is that of the ssl.TrustManagerFactory.algorithm system property, or "SunX509" if the system property has not been set up.
      Parameters:
      trustManagerAlgorithm - The TrustManager algorithm.

    • setTrustStorePassword

      public void setTrustStorePassword(char[] trustStorePassword)
      Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.
      Parameters:
      trustStorePassword - The password of the trust store KeyStore.

    • setTrustStorePassword

      public void setTrustStorePassword(String trustStorePassword)
      Sets the password of the trust store KeyStore. The default value is that of the javax.net.ssl.trustStorePassword system property.
      Parameters:
      trustStorePassword - The password of the trust store KeyStore.

    • setTrustStorePath

      public void setTrustStorePath(String trustStorePath)
      Sets the path to the trust store KeyStore. The default value is that of the javax.net.ssl.trustStore system property.
      Parameters:
      trustStorePath - The trustStorePath to set

    • setTrustStoreProvider

      public void setTrustStoreProvider(String trustStoreProvider)
      Sets the name of the trust store provider. The default value is that of the javax.net.ssl.trustStoreProvider system property.
      Parameters:
      trustStoreProvider - The name of the trust store provider.

    • setTrustStoreType

      public void setTrustStoreType(String trustStoreType)
      Sets the KeyStore type of the trust store. The default value is that of the javax.net.ssl.trustStoreType system property.
      Parameters:
      trustStoreType - The KeyStore type of the trust store.

    • setWantClientAuthentication

      public void setWantClientAuthentication(boolean wantClientAuthentication)
      Indicates if we would like client certificate authentication. The default value is false.
      Parameters:
      wantClientAuthentication - True if we would like client certificate authentication.