Class SslUtils

java.lang.Object
org.opends.server.util.SslUtils

public final class SslUtils extends Object
Utility class for common SSL-related setup.
  • Method Details

    • createOptionsForSslContext

      public static Options createOptionsForSslContext(Dn trustManagerProviderDn, Dn keyManagerProviderDn, String friendlyName, SortedSet<String> sslCertNicknames, SortedSet<String> sslCipherSuites, SortedSet<String> sslProtocols, ServerContext serverContext, ConnectionSecurity connectionSecurity)
      Create SSL communications Options for an SSL context.

      If specific certificate nicknames are specified, only key managers managing those certificates will be returned in Options.

      Parameters:
      trustManagerProviderDn - The DN of the configuration entry providing TrustManagers.
      keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
      friendlyName - A user readable name to be used in messages.
      sslCertNicknames - The certificate nicknames to select the key managers to return.
      sslCipherSuites - Sorted set of strings representing names of the SSL cipher suites which should be used.
      sslProtocols - Sorted set of strings representing names of the SSL protocols which should be used.
serverContext - The server context from which the key manager provider will be retrieved.
      connectionSecurity - Represents the security level of the communications.
      Returns:
Options associated with the provided SSL context.
    • createSslOptions

      public static SslOptions createSslOptions(Collection<Dn> trustManagerProviderDns, Dn keyManagerProviderDn, String friendlyName, SortedSet<String> sslCertNicknames, SortedSet<String> sslCipherSuites, SortedSet<String> sslProtocols, ServerContext serverContext) throws KeyManagementException, LdapException
      Creates SslOptions for the provided parameters.

      If specific certificate nicknames are specified, only key managers managing those certificates will be returned in SslOptions.

      Parameters:
      trustManagerProviderDns - The DNs of the configuration entries providing TrustManagers.
      keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
      friendlyName - A user readable name to be used in messages.
      sslCertNicknames - The certificate nicknames to select the key managers to return.
      sslCipherSuites - Sorted set of strings representing names of the SSL cipher suites which should be used.
      sslProtocols - Sorted set of strings representing names of the SSL protocols which should be used.
serverContext - The server context from which the key manager provider will be retrieved.
      Returns:
SSL options associated with the provided arguments.
      Throws:
KeyManagementException - If an error occurred while initializing the SSL context.
      LdapException - If a problem occurs while attempting to obtain the key/trust managers from the provider.
    • createSslContext

      public static SSLContext createSslContext(Collection<Dn> trustManagerProviderDns, Dn keyManagerProviderDn, String friendlyName, SortedSet<String> sslCertNicknames, ServerContext serverContext) throws LdapException, KeyManagementException
      Creates an SSL context.

      If specific certificate nicknames are specified, only key managers managing those certificates will be used.

      Parameters:
      trustManagerProviderDns - The DNs of the configuration entries providing TrustManagers.
      keyManagerProviderDn - The DN of the configuration entry providing KeyManagers.
      friendlyName - A user readable name to be used in messages.
      sslCertNicknames - The certificate nicknames to select the key managers to return.
serverContext - The server context from which the key manager provider will be retrieved.
      Returns:
      A new SSL context
      Throws:
      LdapException - If a problem occurs while attempting to obtain the key managers from the provider.
      KeyManagementException - if the SSL context could not be initialized.
    • getKeyManagers

      public static KeyManager[] getKeyManagers(Dn keyManagerProviderDn, String friendlyName, Set<String> sslCertNicknames, ServerContext serverContext) throws LdapException
      Returns an array of KeyManagers for use by the SSLContext while setting up communication.

      If the keyManagerProviderDn is null or if a key manager provider cannot be retrieved from the serverContext, then this method returns null which means that an empty key manager should be used in communications.

      Parameters:
      keyManagerProviderDn - DN of the configuration element which represents a key manager provider. If null, the method will use SslOptions.USE_EMPTY_KEY_MANAGER.
      friendlyName - A user readable name to be used in messages.
sslCertNicknames - A set of strings representing the aliases of the certificates which will be selected and returned by the method. This parameter can be used to filter out some of the key managers returned by the provider.
      serverContext - The server context to retrieve the key managers.
      Returns:
The computed KeyManagers, or null if no key manager can be retrieved.
      Throws:
      LdapException - If a problem occurs while attempting to obtain the key managers from the provider.
    • getTrustManagers

      public static TrustManager[] getTrustManagers(Collection<Dn> trustManagerProviderDns, ServerContext serverContext) throws LdapException
      Returns an array of TrustManagers for use by the SSLContext while setting up communication.
      Parameters:
trustManagerProviderDns - DNs of the configuration entries which represent trust manager providers.
      serverContext - The server context to retrieve the trust managers.
      Returns:
      The computed TrustManagers or null if no trust manager can be retrieved.
      Throws:
      LdapException - If a problem occurs while attempting to obtain the trust managers from the provider.
    • verifySslCiphersAndProtocols

      public static Collection<LocalizableMessage> verifySslCiphersAndProtocols(Collection<String> cipherSuites, Collection<String> protocols, LocalizableMessageDescriptor.Arg1<Object> cipherError, LocalizableMessageDescriptor.Arg1<Object> protocolError)
      Verifies all the specified SSL cipher suites and protocols are available in the current JVM.
      Parameters:
      cipherSuites - the list of required SSL cipher suites
protocols - the list of required SSL protocols
      cipherError - the error to return for unknown cipher suites
      protocolError - the error to return for unknown protocols
      Returns:
the list of errors to report when one of the cipher suites or protocols is not available
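As an added illustration (not OpenDJ's own code), the kind of availability check verifySslCiphersAndProtocols describes, written against the standard JSSE API so it can be run stand-alone: each configured cipher suite and protocol is compared with what the current JVM's default SSLContext supports, and one error per unknown name is collected rather than the name being silently dropped. The class name, method name and the sample configuration values are assumptions.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Hypothetical stand-alone check; mirrors the intent of SslUtils.verifySslCiphersAndProtocols. */
public final class SslAvailabilityCheck {

    /** Returns one error message per requested cipher suite or protocol the JVM does not support. */
    public static List<String> verify(Collection<String> cipherSuites, Collection<String> protocols)
            throws NoSuchAlgorithmException {
        // Supported (not merely enabled) names of the default context: the widest set the JVM can offer.
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        Set<String> knownSuites = new HashSet<>(Arrays.asList(supported.getCipherSuites()));
        Set<String> knownProtocols = new HashSet<>(Arrays.asList(supported.getProtocols()));

        List<String> errors = new ArrayList<>();
        for (String suite : cipherSuites) {
            if (!knownSuites.contains(suite)) {
                errors.add("Unknown SSL cipher suite: " + suite);
            }
        }
        for (String protocol : protocols) {
            if (!knownProtocols.contains(protocol)) {
                errors.add("Unknown SSL protocol: " + protocol);
            }
        }
        return errors;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration: one valid suite and protocol, plus one misspelt name of each.
        List<String> suites = Arrays.asList("TLS_AES_128_GCM_SHA256", "TLS_NOT_A_REAL_SUITE");
        List<String> protocols = Arrays.asList("TLSv1.3", "TLSv1.3-typo");
        List<String> errors = verify(suites, protocols);
        if (errors.isEmpty()) {
            System.out.println("All configured cipher suites and protocols are available.");
        } else {
            // A listener should refuse to start on these rather than run with a reduced suite list.
            errors.forEach(System.out::println);
        }
    }
}
```

Running this under a JVM whose default provider supports TLS 1.3 reports exactly the two misspelt names; a non-empty result is the signal to reject the configuration before the listener is brought up.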