Class SSLCommProps

All Implemented Interfaces:
EventListener, IGProp<GProp<?>[]>, IPropCnr, Cloneable

public class SSLCommProps extends PropCnr
This property container contains all properties required for an SSL Socket (NIO) connection.
  • Constructor Details

    • SSLCommProps

      public SSLCommProps()
      Creates the socket property container without a name. The name must be set in all cases using the setPropertyAtom call.
    • SSLCommProps

      public SSLCommProps(Atom propertyAtom)
      Creates the socket property container with the specified name. All system-reserved names for components begin with "$".
      Parameters:
      propertyAtom - the name of the component, unique within its parent.
  • Method Details

    • resetServerCertificates

      public static void resetServerCertificates()
      Resets the accepted or rejected certificates.
    • clone

      public SSLCommProps clone()
      Clones the settings.
      Overrides:
      clone in class PropCnr
    • setStrongCipher

      public void setStrongCipher(boolean on)
      Sets strong cipher encryption requirement, 128 bits or more.
      Parameters:
      on - The enablement flag.
    • getStrongCipher

      public boolean getStrongCipher()
      Gets strong cipher encryption requirement, 128 bits or more.
      Returns:
      true if enabled, false if disabled.
    • setServerAuthentication

      public void setServerAuthentication(boolean on)
      Sets server authentication globally. If off, all servers are accepted.
      Parameters:
      on - The enablement flag.
    • getServerAuthentication

      public boolean getServerAuthentication()
      Gets server authentication globally. If off, all servers are accepted.
      Returns:
      true if enabled, false if disabled.
    • setServerAuthenticationCallback

      public void setServerAuthenticationCallback(boolean on)
      Sets server authentication using callback interface com.iizix.nio.ICertificateUI.
      Parameters:
      on - The enablement flag.
    • getServerAuthenticationCallback

      public boolean getServerAuthenticationCallback()
      Gets server authentication using callback interface com.iizix.nio.ICertificateUI.
      Returns:
      true if enabled, false if disabled.
    • setServerAuthenticationDeploymentInfo

      public void setServerAuthenticationDeploymentInfo(boolean on)
      Sets server authentication using the JRE deployment information.
      Parameters:
      on - The enablement flag.
    • getServerAuthenticationDeploymentInfo

      public boolean getServerAuthenticationDeploymentInfo()
      Gets server authentication using the JRE deployment information.
      Returns:
      true if enabled, false if disabled.
    • setServerAuthenticationCertificates

      public void setServerAuthenticationCertificates(X509Certificate[] certificates) throws PropException, CertificateException
      Sets or removes server authentication using the specified certificates.
      Parameters:
      certificates - The certificates to accept, or null to remove certificate verification.
      Throws:
      PropException - If the property cannot be removed, set or added.
      CertificateEncodingException - If an encoding error occurs.
      CertificateException
    • getServerAuthenticationCertificates

      public X509Certificate[] getServerAuthenticationCertificates() throws CertificateException
      Gets the Server Authentication certificates.
      Returns:
      The array of server certificates (could be empty), or null if this authentication is disabled.
      Throws:
      CertificateException - If no Provider supports a CertificateFactorySpi implementation for the specified type when creating the Certificate Factory, or when the certificate is initialized from the data.
    • setClientCertificateDeploymentInfo

      public void setClientCertificateDeploymentInfo(boolean on)
      Sets Client Certificates using the JRE deployment information.
      Parameters:
      on - The enablement flag.
    • getClientCertificateDeploymentInfo

      public boolean getClientCertificateDeploymentInfo()
      Gets Client Certificates using the JRE deployment information.
      Returns:
      true if enabled, false if disabled.
    • setClientCertificate

      public void setClientCertificate(String fileName, char[] password, boolean doSavePassword) throws PropException, FileNotFoundException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException
      Sets or removes the Client Certificate.
      Parameters:
      fileName - The file name of the PKCS#12 file, DER encoded, null to remove client certificate.
      password - The password, or null for none.
      doSavePassword - Flag to save the password. The password is saved "garbled", but the garbling is not safe against "de-garbling"; use with care.
      Throws:
      PropException - If the property cannot be removed, set or added.
      FileNotFoundException - If the file is not found.
      NoSuchAlgorithmException - If the algorithm used to check the integrity of the keystore cannot be found.
      CertificateException - If any of the certificates in the keystore could not be loaded.
      IOException - If there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
      UnrecoverableKeyException - If the key cannot be recovered (e.g. the given password is wrong).
      KeyStoreException
    • useClientCertificate

      public boolean useClientCertificate()
      Checks whether a Client Certificate is used.
    • getClientCertificateDescription

      public String getClientCertificateDescription()
      Gets the Client Certificate description.
      Returns:
      null if none is present, otherwise the string.
    • hasSavedClientCertificatePassword

      public boolean hasSavedClientCertificatePassword()
      Checks if the password is saved for the Client Certificate.
    • getClientCertificateKeyManagers

      public KeyManager[] getClientCertificateKeyManagers(String serverDescription, char[] password, ICertificateUI callback) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException
      Gets the keystore for the Client Certificate.

      If no password or callback is set and the password is not saved, an error will be thrown.

      Parameters:
      serverDescription - The server description.
      password - The password, or null for none.
      callback - The callback to request the password from the user, null for none.
      Returns:
      The keystore, or null if client certificate is not used or the user canceled the password dialog box.
      Throws:
      KeyStoreException - If no Provider supports a KeyStoreSpi implementation for the PKCS#12 type.
      NoSuchAlgorithmException - If the algorithm used to check the integrity of the keystore cannot be found.
      CertificateException - If any of the certificates in the keystore could not be loaded.
      IOException - If there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
      UnrecoverableKeyException - If the key cannot be recovered (e.g. the given password is wrong).
    • createClientSSLEngine

      Creates a Client SSL Engine for the NIO socket communication initialized with these parameters. The SSL context for the settings is cached in order to provide faster access the second time this method is called.
      Parameters:
      serverDescription - The server description.
      Returns:
      The SSL Engine for the Client, initialized for Client mode.
      Throws:
      KeyStoreException - If no Provider supports a KeyStoreSpi implementation for the PKCS#12 type.
      NoSuchAlgorithmException - If the algorithm used to check the integrity of the keystore cannot be found.
      CertificateException - If any of the certificates in the keystore could not be loaded.
      IOException - If there is an I/O or format problem with the keystore data, if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.
      UnrecoverableKeyException - If the key cannot be recovered (e.g. the given password is wrong).
      NoSuchProviderException - TLS provider not found.
      KeyManagementException - Key management problems.
    • setHostName

      public void setHostName(String hostName)
      Assigns the Host Name once a session has been established with a socket. This is then used for name clash verification with a server certificate.
    • setCallback

      public void setCallback(ICertificateUI callback)
      Assigns the callback interface to this instance of the properties. Note that doing so is not a good idea if this is not a new instance of the properties, e.g. if they were loaded from an XML file.
    • getCallback

      public ICertificateUI getCallback()
      Gets the callback assigned to the properties.
      Returns:
      The callback, or null if none has been set.
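
An audit of the security-relevant settings documented above, as an added example that is not part of the original documentation or the library's own code. The `Settings` record is a hypothetical snapshot type filled from the getters named in its comments, and the severity labels are this example's own. Cases the page does not describe (authentication on with no method selected, an empty certificate list) are flagged for review rather than judged.

```java
import java.util.ArrayList;
import java.util.List;

public class SslPropsAudit {
    // Hypothetical snapshot type; each field is read from the getter named beside it.
    record Settings(boolean strongCipher,       // getStrongCipher()
                    boolean serverAuth,         // getServerAuthentication()
                    boolean authCallback,       // getServerAuthenticationCallback()
                    boolean authDeploymentInfo, // getServerAuthenticationDeploymentInfo()
                    int pinnedCerts,            // getServerAuthenticationCertificates(): -1 if null, else length
                    boolean savedCertPassword) {} // hasSavedClientCertificatePassword()

    static List<String> audit(Settings s) {
        List<String> findings = new ArrayList<>();
        if (!s.serverAuth()) {
            // Stated on the page: "If off, all servers are accepted."
            findings.add("HIGH: server authentication is off, so all servers are accepted");
        } else if (!s.authCallback() && !s.authDeploymentInfo() && s.pinnedCerts() < 0) {
            // The page does not say what happens here, so ask for a manual check.
            findings.add("REVIEW: authentication is on but no callback, deployment info or certificates are selected");
        }
        if (s.pinnedCerts() == 0) {
            findings.add("REVIEW: certificate verification is enabled with an empty certificate list");
        }
        if (!s.strongCipher()) {
            findings.add("MEDIUM: the 128-bit-or-more cipher requirement is not enforced");
        }
        if (s.savedCertPassword()) {
            // Stated on the page: the saved password is not safe against "de-garbling".
            findings.add("MEDIUM: client certificate password is saved garbled, not safe against de-garbling");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values, not read from a real deployment.
        Settings weak = new Settings(false, false, false, false, -1, true);
        Settings hardened = new Settings(true, true, false, false, 1, false);
        System.out.println("weak: " + audit(weak));
        System.out.println("hardened: " + audit(hardened));
    }
}
```

The constructed weak profile yields three findings and the hardened profile yields none.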