Package eu.emi.security.authn.x509.impl

Class SocketFactoryCreator

  • public class SocketFactoryCreator
extends java.lang.Object
    Simple utility allowing programmers to quickly create SSL socket factories using X509CertChainValidator.
    Author:
    K. Benedyczak

    • Constructor Detail

      • SocketFactoryCreator

        public SocketFactoryCreator()

    • Method Detail

      • getSSLTrustManager

        public static javax.net.ssl.X509TrustManager getSSLTrustManager​(X509CertChainValidator v)
        Creates a SSL trustmanager which uses the provided validator.
        Parameters:
        v - validator to use for certificates validation
        Returns:
        ready to use TrustManager

      • getSSLContext

        public static javax.net.ssl.SSLContext getSSLContext​(X509Credential c,
                                                     X509CertChainValidator v,
                                                     java.security.SecureRandom r)
        Low level interface. It can be used to get SSLContext object initialized with the provided credential and validator.
        Parameters:
        c - credential to use for the created sockets. If null, then anonymous socket will be created, what is useful only for client side.
        v - validator to use for certificates validation
        r - implementation providing random numbers
        Returns:
        initialized SSLContext object

      • getServerSocketFactory

        public static javax.net.ssl.SSLServerSocketFactory getServerSocketFactory​(X509Credential c,
                                                                          X509CertChainValidator v,
                                                                          java.security.SecureRandom r)
        Returns an SSLServerSocketFactory configured to check client certificates with a provided validator. Server socket will use the provided credentials.
        Parameters:
        c - credential to use for the server socket
        v - validator to use for client's validation
        r - implementation providing random numbers
        Returns:
        configured SSLServerSocketFactory

      • getServerSocketFactory

        public static javax.net.ssl.SSLServerSocketFactory getServerSocketFactory​(X509Credential c,
                                                                          X509CertChainValidator v)
        Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument. Note that this method might block if the machine has not enough system entropy. It is not suggested to use this method for setting up automatic test environments, however it is suitable for production setups.
        Parameters:
        c - credential to use for the server socket
        v - validator to use for client's validation
        Returns:
        configured SSLServerSocketFactory

      • getSocketFactory

        public static javax.net.ssl.SSLSocketFactory getSocketFactory​(X509Credential c,
                                                              X509CertChainValidator v,
                                                              java.security.SecureRandom r)
        Returns an SSLSocketFactory configured to check servers' certificates with a provided validator. Client socket will use the provided credentials.
        Parameters:
        c - credential to use for the client socket
        v - validator to use for server's validation
        r - implementation providing random numbers
        Returns:
        configured SSLSocketFactory

      • getSocketFactory

        public static javax.net.ssl.SSLSocketFactory getSocketFactory​(X509Credential c,
                                                              X509CertChainValidator v)
        Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument. Note that this method might block if the machine has not enough system entropy. It is not suggested to use this method for setting up automatic test environments, however it is suitable for production setups.
        Parameters:
        c - credential to use for the client socket
        v - validator to use for server's validation
        Returns:
        configured SSLSocketFactory

      • connectWithHostnameChecking

        public static void connectWithHostnameChecking​(javax.net.ssl.SSLSocket socket,
                                               HostnameMismatchCallback callback)
                                        throws javax.net.ssl.SSLPeerUnverifiedException
        This method, invoked on an initialized SSL socket will perform the initial handshake (if necessary) and then check if the peer's hostname is matching its certificate. The reaction to a mismatch must be handled by the provided callback.
        Parameters:
        socket - socket to be checked
        callback - used when there is mismatch.
        Throws:
        javax.net.ssl.SSLPeerUnverifiedException - if the peer was not verified