Class SslOptions


  • public final class SslOptions
    extends Object
    Encapsulates options for configuring SSL-based security and provides methods for building SSLEngines.
    • Method Detail

      • isSslHostNameValidationEnabled

        public static boolean isSslHostNameValidationEnabled()
        Returns whether server host name validation against the SSL certificate's subject must be performed.
        Returns:
        true if the host name must be validated, false otherwise.
      • newClientSslEngine

        public static SSLEngine newClientSslEngine(SslOptions sslOptions,
                                                   String host,
                                                   int port)
        Creates a new SSLEngine configured to be used by a client application. Provide a host and port in order to perform host name verification.
        Parameters:
        sslOptions - SslOptions to use to configure the SSLEngine.
        host - The non-authoritative name of the peer host.
        port - The non-authoritative peer port.
        Returns:
        A new SSLEngine which has been configured with the settings contained in this SslOptions
      • newServerSslEngine

        public static SSLEngine newServerSslEngine(SslOptions sslOptions)
        Creates a new SSLEngine configured to be used by a server application.
        Parameters:
        sslOptions - SslOptions to use to configure the SSLEngine.
        Returns:
        A new SSLEngine which has been configured with the settings contained in this SslOptions
      • supportedCipherSuites

        public static List<String> supportedCipherSuites()
        Returns a List of TLS cipher suite names reported as supported by the running JVM.
        Returns:
        a List of TLS cipher suite names reported as supported by the running JVM
      • supportedProtocols

        public static List<String> supportedProtocols()
        Returns a List of TLS protocol names reported as supported by the running JVM.
        Returns:
        a List of TLS protocol names reported as supported by the running JVM
      • newSslOptions

        public static SslOptions newSslOptions(KeyManager keyManager,
                                               TrustManager trustManager)
                                        throws KeyManagementException
        Creates a new SslOptions for the provided key manager and trust manager.
        Parameters:
        keyManager - The key manager, which may be null indicating that no certificates will be used.
        trustManager - The trust manager, which may be null. If null, only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
        Returns:
        A new SslOptions instance.
        Throws:
        KeyManagementException - If the key manager or trust manager could not be used for some reason.
      • newSslOptions

        public static SslOptions newSslOptions(KeyManager[] keyManagers,
                                               TrustManager[] trustManagers)
                                        throws KeyManagementException
        Creates a new SslOptions for the provided key managers and trust managers.
        Parameters:
        keyManagers - The key managers, which may be null indicating that no certificates will be used.
        trustManagers - The trust managers, which may be null. If null, only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
        Returns:
        A new SslOptions instance.
        Throws:
        KeyManagementException - If the key managers or trust managers could not be used for some reason.
      • enabledProtocols

        public String[] enabledProtocols()
        Returns the names of the protocol versions which are currently enabled for secure connections with the Directory Server.
        Returns:
        an array of protocols or null if the default protocols are to be used.
      • enabledCipherSuites

        public String[] enabledCipherSuites()
        Returns the names of the cipher suites which are currently enabled for secure connections with the Directory Server.
        Returns:
        an array of cipher suites, or null if the default cipher suites are to be used.
      • keyManagers

        public KeyManager[] keyManagers()
        Returns the key managers which can be used to secure connections, or null if no certificates are used.
        Returns:
        The key managers or null if there are none.
      • trustManagers

        public TrustManager[] trustManagers()
        Returns the trust managers or null. If null, only certificates signed by the authorities associated with the installed security providers of this JVM are accepted.
        Returns:
        The trust managers or null if there are none.
      • sslContext

        public SSLContext sslContext()
        Returns the SSLContext that should be used when installing the SSL layer.
        Returns:
        The SSLContext that should be used when installing the SSL layer.
      • enabledCipherSuites

        public SslOptions enabledCipherSuites(Collection<String> cipherSuites)
        Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified during construction. Following a successful call to this method, only the suites listed in the cipherSuites parameter are enabled for use.
        Parameters:
        cipherSuites - Names of all the cipher suites to enable, or null to use the default ones.
        Returns:
        This SslOptions.
      • enabledCipherSuites

        public SslOptions enabledCipherSuites(String... cipherSuites)
        Adds the cipher suites enabled for secure connections with the Directory Server. The suites must be supported by the SSLContext specified during construction. Following a successful call to this method, only the suites listed in the cipherSuites parameter are enabled for use.
        Parameters:
        cipherSuites - Names of all the cipher suites to enable, or null to use the default ones.
        Returns:
        This SslOptions.
      • enabledProtocols

        public SslOptions enabledProtocols(Collection<String> protocols)
        Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified during construction.
        Parameters:
        protocols - Names of all the protocols to enable or null to use the default ones.
        Returns:
        This SslOptions.
      • enabledProtocols

        public SslOptions enabledProtocols(String... protocols)
        Adds the protocol versions enabled for secure connections with the Directory Server. The protocols must be supported by the SSLContext specified during construction.
        Parameters:
        protocols - Names of all the protocols to enable or null to use the default ones.
        Returns:
        This SslOptions.
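
A hardened client setup built only from the methods documented on this page, added here as an example and not taken from the SDK's own documentation. The class name, the protocol and cipher-suite policy, and the host and port are constructed for illustration, and the package in the SslOptions import is an assumption because the page does not show it.

```java
import java.security.KeyManagementException;
import java.util.List;
import java.util.stream.Collectors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
// Assumed package (not shown on this page); adjust to your SDK version.
import org.forgerock.opendj.security.SslOptions;

public final class HardenedClientTls {
    // Example policy (an assumption of this sketch): TLS 1.2 and later only.
    static final List<String> WANTED_PROTOCOLS = List.of("TLSv1.3", "TLSv1.2");

    static List<String> allowedProtocols() {
        List<String> supported = SslOptions.supportedProtocols();
        return WANTED_PROTOCOLS.stream().filter(supported::contains).collect(Collectors.toList());
    }

    // Keep AEAD suites with forward secrecy; the prefixes exclude anon and static-RSA suites.
    static List<String> allowedCipherSuites() {
        return SslOptions.supportedCipherSuites().stream()
                .filter(s -> s.startsWith("TLS_AES_") || s.startsWith("TLS_CHACHA20_") || s.startsWith("TLS_ECDHE_"))
                .filter(s -> s.contains("_GCM_") || s.contains("CHACHA20_POLY1305"))
                .collect(Collectors.toList());
    }

    static SSLEngine newHardenedClientEngine(String host, int port) throws KeyManagementException {
        List<String> protocols = allowedProtocols();
        List<String> suites = allowedCipherSuites();
        // Fail closed: null is documented as "use the defaults"; an empty list is undocumented, so stop here.
        if (protocols.isEmpty() || suites.isEmpty()) {
            throw new IllegalStateException("JVM supports none of the required protocols or suites");
        }
        if (!SslOptions.isSslHostNameValidationEnabled()) {
            throw new IllegalStateException("Server host name validation is disabled");
        }
        // The casts select the single-manager overload; a bare null is ambiguous between the two.
        // Null key manager: no client certificate. Null trust manager: JVM default authorities.
        SslOptions options = SslOptions.newSslOptions((KeyManager) null, (TrustManager) null)
                .enabledProtocols(protocols)
                .enabledCipherSuites(suites);
        return SslOptions.newClientSslEngine(options, host, port);
    }

    public static void main(String[] args) throws KeyManagementException {
        SSLEngine engine = newHardenedClientEngine("ds.example.com", 1636); // placeholder host and port
        System.out.println("Protocols: " + String.join(", ", engine.getEnabledProtocols()));
        System.out.println("Suites: " + String.join(", ", engine.getEnabledCipherSuites()));
    }
}
```

Creating the engine opens no connection, so the printed protocol and suite lists can be reviewed before the engine is attached to a transport.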