eu.emi.security.authn.x509.impl

Class SocketFactoryCreator

java.lang.Object

eu.emi.security.authn.x509.impl.SocketFactoryCreator

public class SocketFactoryCreator
extends Object

Simple utility allowing programmers to quickly create SSL socket factories using X509CertChainValidator.

Author:

K. Benedyczak

Constructor Summary

Constructors

Constructor and Description
SocketFactoryCreator()

Method Summary

Modifier and Type	Method and Description
static void	connectWithHostnameChecking(SSLSocket socket, HostnameMismatchCallback callback) This method, invoked on an initialized SSL socket will perform the initial handshake (if necessary) and then check if the peer's hostname is matching its certificate.
static SSLServerSocketFactory	getServerSocketFactory(X509Credential c, X509CertChainValidator v) Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument.
static SSLServerSocketFactory	getServerSocketFactory(X509Credential c, X509CertChainValidator v, SecureRandom r) Returns an SSLServerSocketFactory configured to check client certificates with a provided validator.
static SSLSocketFactory	getSocketFactory(X509Credential c, X509CertChainValidator v) Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument.
static SSLSocketFactory	getSocketFactory(X509Credential c, X509CertChainValidator v, SecureRandom r) Returns an SSLSocketFactory configured to check servers' certificates with a provided validator.
static SSLContext	getSSLContext(X509Credential c, X509CertChainValidator v, SecureRandom r) Low level interface.
static X509TrustManager	getSSLTrustManager(X509CertChainValidator v) Creates a SSL trustmanager which uses the provided validator.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SocketFactoryCreator

public SocketFactoryCreator()

Method Detail

getSSLTrustManager

public static X509TrustManager getSSLTrustManager(X509CertChainValidator v)

Creates a SSL trustmanager which uses the provided validator.

Parameters:

v - validator to use for certificates validation

Returns:

ready to use TrustManager

getSSLContext

public static SSLContext getSSLContext(X509Credential c,
                                       X509CertChainValidator v,
                                       SecureRandom r)

Low level interface. It can be used to get SSLContext object initialized with the provided credential and validator.

Parameters:

c - credential to use for the created sockets. If null, then anonymous socket will be created, what is useful only for client side.

v - validator to use for certificates validation

r - implementation providing random numbers

Returns:

initialized SSLContext object

getServerSocketFactory

public static SSLServerSocketFactory getServerSocketFactory(X509Credential c,
                                                            X509CertChainValidator v,
                                                            SecureRandom r)

Returns an SSLServerSocketFactory configured to check client certificates with a provided validator. Server socket will use the provided credentials.

Parameters:

c - credential to use for the server socket

v - validator to use for client's validation

r - implementation providing random numbers

Returns:

configured SSLServerSocketFactory

getServerSocketFactory

public static SSLServerSocketFactory getServerSocketFactory(X509Credential c,
                                                            X509CertChainValidator v)

Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument. Note that this method might block if the machine has not enough system entropy. It is not suggested to use this method for setting up automatic test environments, however it is suitable for production setups.

Parameters:

c - credential to use for the server socket

v - validator to use for client's validation

Returns:

configured SSLServerSocketFactory

getSocketFactory

public static SSLSocketFactory getSocketFactory(X509Credential c,
                                                X509CertChainValidator v,
                                                SecureRandom r)

Returns an SSLSocketFactory configured to check servers' certificates with a provided validator. Client socket will use the provided credentials.

Parameters:

c - credential to use for the client socket

v - validator to use for server's validation

r - implementation providing random numbers

Returns:

configured SSLSocketFactory

getSocketFactory

public static SSLSocketFactory getSocketFactory(X509Credential c,
                                                X509CertChainValidator v)

Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using SecureRandom implementation as the last argument. Note that this method might block if the machine has not enough system entropy. It is not suggested to use this method for setting up automatic test environments, however it is suitable for production setups.

Parameters:

c - credential to use for the client socket

v - validator to use for server's validation

Returns:

configured SSLSocketFactory

connectWithHostnameChecking

public static void connectWithHostnameChecking(SSLSocket socket,
                                               HostnameMismatchCallback callback)
                                        throws SSLPeerUnverifiedException

This method, invoked on an initialized SSL socket will perform the initial handshake (if necessary) and then check if the peer's hostname is matching its certificate. The reaction to a mismatch must be handled by the provided callback.

Parameters:

socket - socket to be checked

callback - used when there is mismatch.

Throws:

SSLPeerUnverifiedException - if the peer was not verified