Package org.forgerock.openig.security

Class ClientTlsOptionsHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.security.ClientTlsOptionsHeaplet

All Implemented Interfaces:

Heaplet

public class ClientTlsOptionsHeaplet
extends GenericHeaplet

Creates and initializes client-side TLS options in a heap environment.

 
  {
    "type": "ClientTlsOptions",
    "config": {
      ... parameters inherited from TlsOptionsHeaplet ...
      "hostnameVerifier"           : Either STRICT or ALLOW_ALL
                                     Defaults to STRICT              [OPTIONAL]
    }
  }
 
 

Note: This implementation verifies hostnames for outgoing SSL connections by default. If this gateway accesses the SSL endpoint using a raw IP address rather than a fully-qualified hostname, then you need to configure hostnameVerifier to ALLOW_ALL.
Accepted values are:

• STRICT (the default)
• ALLOW_ALL

See TlsOptionsHeaplet for a summary of the inherited configuration options.

See Also:

TlsOptionsHeaplet

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
ClientTlsOptionsHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.
protected TlsOptions	tlsOptions(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn)	Creates the Client TLS option.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getSecretsProvider, getType, initialBindings, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientTlsOptionsHeaplet

public ClientTlsOptionsHeaplet()

Method Detail

tlsOptions

protected TlsOptions tlsOptions(String algorithm,
                                KeyManager[] keyManagers,
                                TrustManager[] trustManagers,
                                List<String> ciphers,
                                List<String> protocols,
                                boolean enableAlpn)
                         throws HeapException

Creates the Client TLS option.

Parameters:

algorithm - the SSL context algorithm name

keyManagers - the KeyManagers to use in case of MTLS

trustManagers - the TrustManagers to use

ciphers - the array of TLS cipher suites to allow

protocols - the array of TLS protocols to allow

enableAlpn - indicate if ALPN (Application Layer Protocol Negotiation, a TLS extension) enabled

Returns:

the associated TlsOptions instance.

Throws:

HeapException - should there be a configuration error

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.