Class SslUtils


  • public final class SslUtils
    extends Object
    Utility class for common SSL-related setup.
    • Method Detail

      • createOptionsForSslContext

        public static Options createOptionsForSslContext(Dn trustManagerProviderDn,
                                                         Dn keyManagerProviderDn,
                                                         String friendlyName,
                                                         SortedSet<String> sslCertNicknames,
                                                         SortedSet<String> sslCipherSuites,
                                                         SortedSet<String> sslProtocols,
                                                         ServerContext serverContext,
                                                         ConnectionSecurity connectionSecurity)
        Creates SSL communications Options for an SSL context.

        If specific certificate nicknames are specified, only key managers managing those certificates will be returned in Options.

        Parameters:
        trustManagerProviderDn - The DN of the configuration entry providing TrustManagers.
        keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
        friendlyName - A user readable name to be used in messages.
        sslCertNicknames - The certificate nicknames to select the key managers to return.
        sslCipherSuites - Sorted set of strings representing names of the SSL cipher suites which should be used.
        sslProtocols - Sorted set of strings representing names of the SSL protocols which should be used.
        serverContext - The server context from which the key manager provider will be retrieved.
        connectionSecurity - Represents the security level of the communications.
        Returns:
        Options associated with the provided SSL context.
      • createSslOptions

        public static SslOptions createSslOptions(Collection<Dn> trustManagerProviderDns,
                                                  Dn keyManagerProviderDn,
                                                  String friendlyName,
                                                  SortedSet<String> sslCertNicknames,
                                                  SortedSet<String> sslCipherSuites,
                                                  SortedSet<String> sslProtocols,
                                                  ServerContext serverContext)
                                           throws KeyManagementException,
                                                  LdapException
        Creates SslOptions for the provided parameters.

        If specific certificate nicknames are specified, only key managers managing those certificates will be returned in SslOptions.

        Parameters:
        trustManagerProviderDns - The DNs of the configuration entries providing TrustManagers.
        keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
        friendlyName - A user readable name to be used in messages.
        sslCertNicknames - The certificate nicknames to select the key managers to return.
        sslCipherSuites - Sorted set of strings representing names of the SSL cipher suites which should be used.
        sslProtocols - Sorted set of strings representing names of the SSL protocols which should be used.
        serverContext - The server context from which the key manager provider will be retrieved.
        Returns:
        SSL options associated with the provided arguments.
        Throws:
        KeyManagementException - If an error occurred initializing the SSL context.
        LdapException - If a problem occurs while attempting to obtain the key/trust managers from the provider.
      • createSslContext

        public static SSLContext createSslContext(Collection<Dn> trustManagerProviderDns,
                                                  Dn keyManagerProviderDn,
                                                  String friendlyName,
                                                  SortedSet<String> sslCertNicknames,
                                                  ServerContext serverContext)
                                           throws LdapException,
                                                  KeyManagementException
        Creates an SSL context.

        If specific certificate nicknames are specified, only key managers managing those certificates will be used.

        Parameters:
        trustManagerProviderDns - The DNs of the configuration entries providing TrustManagers.
        keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
        friendlyName - A user readable name to be used in messages.
        sslCertNicknames - The certificate nicknames to select the key managers to return.
        serverContext - The server context from which the key manager provider will be retrieved.
        Returns:
        A new SSL context
        Throws:
        LdapException - If a problem occurs while attempting to obtain the key managers from the provider.
        KeyManagementException - if the SSL context could not be initialized.
      • getKeyManagers

        public static KeyManager[] getKeyManagers(Dn keyManagerProviderDn,
                                                  String friendlyName,
                                                  Set<String> sslCertNicknames,
                                                  ServerContext serverContext)
                                           throws LdapException
        Returns an array of KeyManagers for use by the SSLContext while setting up communication.

        If the keyManagerProviderDn is null or if a key manager provider cannot be retrieved from the serverContext, then this method returns null which means that an empty key manager should be used in communications.

        Parameters:
        keyManagerProviderDn - DN of the configuration element which represents a key manager provider. If null, the method will use SslOptions.USE_EMPTY_KEY_MANAGER.
        friendlyName - A user readable name to be used in messages.
        sslCertNicknames - A set of strings representing the aliases of the certificates which will be selected and returned by the method. This parameter can be used to filter out some of the key managers returned by the provider.
        serverContext - The server context to retrieve the key managers.
        Returns:
        The computed KeyManagers, or null if no key manager can be retrieved.
        Throws:
        LdapException - If a problem occurs while attempting to obtain the key managers from the provider.
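The nickname filtering described for getKeyManagers, followed by the wiring of the filtered key managers into an SSLContext as createSslContext does, as an added example. This is not the SslUtils code documented on this page: the NicknameKeyManager class, its command-line arguments and the use of a PKCS12 keystore file are assumptions of the example, written against the standard JSSE API and needing Java 11 or later. The security point it makes is that a default JSSE key manager offers the first alias whose key type fits, so a keystore holding several certificates must be filtered to the configured nicknames or the server may present the wrong one.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

/**
 * Key manager wrapper that only ever offers the configured certificate nicknames
 * (keystore aliases). Hypothetical class written for this example.
 */
public final class NicknameKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final Set<String> nicknames;

    public NicknameKeyManager(X509ExtendedKeyManager delegate, Set<String> nicknames) {
        this.delegate = delegate;
        this.nicknames = Set.copyOf(nicknames);
    }

    /** Keeps only allowed aliases; null is JSSE's "nothing usable" answer. */
    private String[] keep(String[] aliases) {
        if (aliases == null) return null;
        String[] kept = Arrays.stream(aliases).filter(nicknames::contains).toArray(String[]::new);
        return kept.length == 0 ? null : kept;
    }

    private String first(String[] aliases) {
        String[] kept = keep(aliases);
        return kept == null ? null : kept[0];
    }

    private String firstClient(String[] keyTypes, Principal[] issuers) {
        for (String keyType : keyTypes) {
            String alias = first(delegate.getClientAliases(keyType, issuers));
            if (alias != null) return alias;
        }
        return null;
    }

    @Override public String[] getServerAliases(String keyType, Principal[] issuers) {
        return keep(delegate.getServerAliases(keyType, issuers));
    }
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) {
        return keep(delegate.getClientAliases(keyType, issuers));
    }
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return first(delegate.getServerAliases(keyType, issuers));
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
        return first(delegate.getServerAliases(keyType, issuers));
    }
    @Override public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        return firstClient(keyTypes, issuers);
    }
    @Override public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
        return firstClient(keyTypes, issuers);
    }
    /** Direct lookups by alias are refused too, so nothing outside the allow-list leaks. */
    @Override public X509Certificate[] getCertificateChain(String alias) {
        return nicknames.contains(alias) ? delegate.getCertificateChain(alias) : null;
    }
    @Override public PrivateKey getPrivateKey(String alias) {
        return nicknames.contains(alias) ? delegate.getPrivateKey(alias) : null;
    }

    /** Usage: java NicknameKeyManager keystore.p12 <password> nickname1 [nickname2 ...] */
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        char[] password = args[1].toCharArray();
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        Set<String> wanted = new HashSet<>(Arrays.asList(args).subList(2, args.length));

        // The default factory (SunX509 or PKIX) returns X509ExtendedKeyManager instances; wrap each one.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        KeyManager[] managers = kmf.getKeyManagers();
        for (int i = 0; i < managers.length; i++) {
            if (managers[i] instanceof X509ExtendedKeyManager) {
                managers[i] = new NicknameKeyManager((X509ExtendedKeyManager) managers[i], wanted);
            }
        }

        // Restricted key managers, default trust managers, default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(managers, null, null);

        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        X509ExtendedKeyManager km = (X509ExtendedKeyManager) managers[0];
        System.out.println("RSA alias a server engine would present: " + km.chooseEngineServerAlias("RSA", null, engine));
    }
}
```

If none of the configured nicknames matches an alias in the keystore, every choose method returns null and the server has no credential for that key type, so the handshake fails rather than falling back to an unintended certificate; that is the same outcome as the empty key manager the documentation describes for a missing provider, and it is the behaviour you want to see in a test before deploying a multi-certificate keystore.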
      • getTrustManagers

        public static TrustManager[] getTrustManagers(Collection<Dn> trustManagerProviderDns,
                                                      ServerContext serverContext)
                                               throws LdapException
        Returns an array of TrustManagers for use by the SSLContext while setting up communication.
        Parameters:
        trustManagerProviderDns - DNs of the configuration elements which represent trust manager providers.
        serverContext - The server context to retrieve the trust managers.
        Returns:
        The computed TrustManagers or null if no trust manager can be retrieved.
        Throws:
        LdapException - If a problem occurs while attempting to obtain the trust managers from the provider.
      • verifySslCiphersAndProtocols

        public static Collection<LocalizableMessage> verifySslCiphersAndProtocols(Collection<String> cipherSuites,
                                                                                  Collection<String> protocols,
                                                                                  LocalizableMessageDescriptor.Arg1<Object> cipherError,
                                                                                  LocalizableMessageDescriptor.Arg1<Object> protocolError)
        Verifies all the specified SSL cipher suites and protocols are available in the current JVM.
        Parameters:
        cipherSuites - the list of required SSL cipher suites
        protocols - the list of required SSL protocols
        cipherError - the error to return for unknown cipher suites
        protocolError - the error to return for unknown protocols
        Returns:
        the list of errors to report when one of the cipher suites or protocols is not available
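The availability check that verifySslCiphersAndProtocols performs, as an added example written against the standard JSSE API rather than the SslUtils code documented on this page. The SslNameCheck class, the Report type, the message wording and the sample configuration are assumptions of the example (Java 11 or later). It goes one step beyond the method above: besides rejecting names the JVM does not know, it warns about names the JVM supports but would not enable by default, which is what a suite or protocol removed by jdk.tls.disabledAlgorithms looks like.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Hypothetical checker written for this example: validates configured TLS names against the running JVM. */
public final class SslNameCheck {

    /** Hard errors (names the JVM does not know) and warnings (known but not enabled by default). */
    public static final class Report {
        public final List<String> errors = new ArrayList<>();
        public final List<String> warnings = new ArrayList<>();
        public boolean ok() { return errors.isEmpty(); }
    }

    public static Report verify(Collection<String> cipherSuites, Collection<String> protocols)
            throws NoSuchAlgorithmException, KeyManagementException {
        // Key and trust managers do not matter for a capability query; null selects the defaults.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);

        // "Supported" is what the provider implements; "default" is what it would actually
        // enable once JVM policy (jdk.tls.disabledAlgorithms and friends) has been applied.
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        Set<String> supportedSuites = new HashSet<>(Arrays.asList(supported.getCipherSuites()));
        Set<String> supportedProtocols = new HashSet<>(Arrays.asList(supported.getProtocols()));
        Set<String> enabledSuites = new HashSet<>(Arrays.asList(enabled.getCipherSuites()));
        Set<String> enabledProtocols = new HashSet<>(Arrays.asList(enabled.getProtocols()));

        Report report = new Report();
        for (String suite : cipherSuites) {
            if (!supportedSuites.contains(suite)) {
                report.errors.add("Unknown SSL cipher suite: " + suite);
            } else if (!enabledSuites.contains(suite)) {
                report.warnings.add("Cipher suite supported but not enabled by default: " + suite);
            }
        }
        for (String protocol : protocols) {
            if (!supportedProtocols.contains(protocol)) {
                report.errors.add("Unknown SSL protocol: " + protocol);
            } else if (!enabledProtocols.contains(protocol)) {
                report.warnings.add("Protocol supported but disabled by JVM policy: " + protocol);
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration: two valid suites and one with a deliberate typo,
        // two valid protocols and one name that no JVM knows.
        List<String> suites = List.of(
                "TLS_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25");
        List<String> protocols = List.of("TLSv1.3", "TLSv1.2", "TLSv1.9");

        Report r = verify(suites, protocols);
        r.errors.forEach(e -> System.out.println("ERROR   " + e));
        r.warnings.forEach(w -> System.out.println("WARNING " + w));
        System.out.println(r.ok() ? "configuration accepted" : "configuration rejected");
    }
}
```

Run this at configuration load time, not at first connection: an unknown name raised as an error at startup is far easier to diagnose than a handshake failure on a listener, and the warning list catches the case where a name is spelled correctly but the JVM's security policy would never negotiate it.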