Class SslOptions

java.lang.Object
org.forgerock.opendj.security.SslOptions

public final class SslOptions extends Object
Encapsulates options for configuring SSL-based security and provides methods for building SSLEngines.
  • Field Details

  • Method Details

    • isSslHostNameValidationEnabled

      public static boolean isSslHostNameValidationEnabled()
      Returns whether server host name validation against the SSL certificate's subject must be performed.
      Returns:
      true if the host name must be validated, false otherwise.
    • newClientSslEngine

      public static SSLEngine newClientSslEngine(SslOptions sslOptions, String host, int port)
      Creates a new SSLEngine configured to be used by a client application. Provide a host and port in order to perform host name verification.
      Parameters:
      sslOptions - SslOptions to use to configure the SSLEngine.
      host - The non-authoritative name of the peer host.
      port - The non-authoritative peer port.
      Returns:
      A new SSLEngine which has been configured with the settings contained in the provided SslOptions.
    • newServerSslEngine

      public static SSLEngine newServerSslEngine(SslOptions sslOptions)
      Creates a new SSLEngine configured to be used by a server application.
      Parameters:
      sslOptions - SslOptions to use to configure the SSLEngine.
      Returns:
      A new SSLEngine which has been configured with the settings contained in the provided SslOptions.
    • supportedCipherSuites

      public static List<String> supportedCipherSuites()
      Returns a List of TLS cipher suite names reported as supported by the running JVM.
      Returns:
      a List of TLS cipher suite names reported as supported by the running JVM
    • supportedProtocols

      public static List<String> supportedProtocols()
      Returns a List of TLS protocol names reported as supported by the running JVM.
      Returns:
      a List of TLS protocol names reported as supported by the running JVM
    • newSslOptions

      public static SslOptions newSslOptions(KeyManager keyManager, TrustManager trustManager) throws KeyManagementException
      Creates a new SslOptions for the provided key manager and trust manager.
      Parameters:
      keyManager - The key manager, which may be null indicating that no certificates will be used.
      trustManager - The trust manager, which may be null, in which case only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
      Returns:
      A new SslOptions instance.
      Throws:
      KeyManagementException - If the key manager or trust manager could not be used for some reason.
    • newSslOptions

      public static SslOptions newSslOptions(KeyManager[] keyManagers, TrustManager[] trustManagers) throws KeyManagementException
      Creates a new SslOptions for the provided key managers and trust managers.
      Parameters:
      keyManagers - The key managers, which may be null indicating that no certificates will be used.
      trustManagers - The trust managers, which may be null, in which case only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
      Returns:
      A new SslOptions instance.
      Throws:
      KeyManagementException - If the key managers or trust managers could not be used for some reason.
    • copyOfSslOptions

      public static SslOptions copyOfSslOptions(SslOptions sslOptions)
      Creates a copy of the provided SslOptions.
      Parameters:
      sslOptions - The SslOptions to copy.
      Returns:
      A new SslOptions instance.
    • clientAuthPolicy

      public SslOptions.ClientAuthPolicy clientAuthPolicy()
      Returns the client authentication policy. This option is only useful in server mode.
      Returns:
      The SslOptions.ClientAuthPolicy option.
    • enabledProtocols

      public String[] enabledProtocols()
      Returns the names of the protocol versions which are currently enabled for secure connections with the Directory Server.
      Returns:
      an array of protocols or null if the default protocols are to be used.
    • enabledCipherSuites

      public String[] enabledCipherSuites()
      Returns the names of the cipher suites which are currently enabled for secure connections with the Directory Server.
      Returns:
      an array of cipher suites, or null if the default cipher suites are to be used.
    • keyManagers

      public KeyManager[] keyManagers()
      Returns the key managers which can be used to secure connections, or null if no certificates are used.
      Returns:
      The key managers or null if there are none.
    • trustManagers

      public TrustManager[] trustManagers()
      Returns the trust managers, or null, in which case only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
      Returns:
      The trust managers or null if there are none.
    • sslContext

      public SSLContext sslContext()
      Returns the SSLContext that should be used when installing the SSL layer.
      Returns:
      The SSLContext that should be used when installing the SSL layer.
    • clientAuthPolicy

      public SslOptions clientAuthPolicy(SslOptions.ClientAuthPolicy clientAuthPolicy)
      Sets the client auth policy. This option is only useful in server mode.
      Parameters:
      clientAuthPolicy - The client auth policy.
      Returns:
      this SslOptions.
    • enabledCipherSuites

      public SslOptions enabledCipherSuites(Collection<String> cipherSuites)
      Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified during construction. Following a successful call to this method, only the suites listed in the cipherSuites parameter are enabled for use.
      Parameters:
      cipherSuites - Names of all the cipher-suites to enable or null to use the default ones.
      Returns:
      This SslOptions.
    • enabledCipherSuites

      public SslOptions enabledCipherSuites(String... cipherSuites)
      Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified during construction. Following a successful call to this method, only the suites listed in the cipherSuites parameter are enabled for use.
      Parameters:
      cipherSuites - Names of all the cipher-suites to enable or null to use the default ones.
      Returns:
      This SslOptions.
    • enabledProtocols

      public SslOptions enabledProtocols(Collection<String> protocols)
      Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified during construction.
      Parameters:
      protocols - Names of all the protocols to enable or null to use the default ones.
      Returns:
      This SslOptions.
    • enabledProtocols

      public SslOptions enabledProtocols(String... protocols)
      Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified during construction.
      Parameters:
      protocols - Names of all the protocols to enable or null to use the default ones.
      Returns:
      This SslOptions.
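
The following is an added usage example, not part of the original API documentation or the project's own code. It uses only the SslOptions methods listed on this page plus standard JDK classes to build a client SSLEngine restricted to TLS 1.2+ and forward-secret AEAD suites; the class name, the policy filter, and the host `ldap.example.com` with port 636 are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import org.forgerock.opendj.security.SslOptions;

public final class HardenedClientEngine {
    // Policy assumed for this example: TLS 1.2+ only, forward-secret AEAD suites only.
    private static final List<String> WANTED_PROTOCOLS = List.of("TLSv1.3", "TLSv1.2");

    static boolean isAcceptableSuite(String name) {
        boolean tls13 = name.startsWith("TLS_AES_") || name.startsWith("TLS_CHACHA20_");
        boolean tls12 = name.startsWith("TLS_ECDHE_")
                && (name.contains("_GCM_") || name.contains("CHACHA20"));
        return tls13 || tls12;
    }

    static SSLEngine newEngine(String host, int port) throws Exception {
        // Fail closed if host name validation is not enabled for this JVM.
        if (!SslOptions.isSslHostNameValidationEnabled()) {
            throw new IllegalStateException("host name validation is disabled");
        }
        // Intersect the policy with what the running JVM reports as supported.
        List<String> protocols = WANTED_PROTOCOLS.stream()
                .filter(SslOptions.supportedProtocols()::contains)
                .collect(Collectors.toList());
        List<String> suites = SslOptions.supportedCipherSuites().stream()
                .filter(HardenedClientEngine::isAcceptableSuite)
                .collect(Collectors.toList());
        if (protocols.isEmpty() || suites.isEmpty()) {
            throw new IllegalStateException("JVM supports no acceptable protocol or suite");
        }
        // JVM default trust anchors; no client certificate (null key managers).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        SslOptions options = SslOptions
                .newSslOptions((KeyManager[]) null, tmf.getTrustManagers())
                .enabledProtocols(protocols)
                .enabledCipherSuites(suites);
        // Host and port are passed so host name verification can be performed.
        return SslOptions.newClientSslEngine(options, host, port);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = newEngine("ldap.example.com", 636); // constructed host and port
        System.out.println(String.join(",", engine.getEnabledProtocols()));
    }
}
```

To trust a private CA instead of the JVM defaults, load its certificates into a KeyStore and pass that store to `tmf.init(...)` in place of null.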