Class ClientTlsOptionsHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.security.ClientTlsOptionsHeaplet
All Implemented Interfaces:
Heaplet

public class ClientTlsOptionsHeaplet extends GenericHeaplet
Creates and initializes client-side TLS options in a heap environment.
 
  {
    "type": "ClientTlsOptions",
    "config": {
      ... parameters inherited from TlsOptionsHeaplet ...
      "hostnameVerifier"           : Either STRICT or ALLOW_ALL
                                     Defaults to STRICT              [OPTIONAL]
    }
  }
 
 

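Note: This implementation verifies hostnames for outgoing SSL connections by default. If this gateway accesses the SSL endpoint using a raw IP address rather than a fully-qualified hostname, then you need to set hostnameVerifier to ALLOW_ALL. ALLOW_ALL turns off hostname verification for those connections, so the gateway no longer checks that the server certificate matches the host it connects to.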
Accepted values are:

  • STRICT (the default)
  • ALLOW_ALL

See TlsOptionsHeaplet for a summary of the inherited configuration options.
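
A configuration check for the note above, as an added example that is not part of the OpenIG code or documentation: it walks a gateway configuration and reports every ClientTlsOptions declaration whose hostnameVerifier does not resolve to STRICT. The sample document, the object names, the enclosing handler with its `tls` property, and the `${verifier.setting}` placeholder are constructed assumptions; any value other than the two accepted ones is reported as UNRESOLVED for manual review.

```python
import json

# Constructed sample (not from the page): three ClientTlsOptions declarations,
# one of them declared inline inside an assumed handler's "tls" property.
SAMPLE = """
{"heap": [
  {"name": "StrictTls", "type": "ClientTlsOptions", "config": {}},
  {"name": "LegacyClient", "type": "ReverseProxyHandler", "config": {
    "tls": {"type": "ClientTlsOptions",
            "config": {"hostnameVerifier": "ALLOW_ALL"}}}},
  {"name": "EnvTls", "type": "ClientTlsOptions",
   "config": {"hostnameVerifier": "${verifier.setting}"}}
]}
"""

ACCEPTED = {"STRICT", "ALLOW_ALL"}  # the two accepted values listed on this page


def effective_verifier(config):
    """Return STRICT, ALLOW_ALL or UNRESOLVED for one ClientTlsOptions config."""
    value = config.get("hostnameVerifier")
    if value is None:
        return "STRICT"  # documented default when the key is absent
    value = str(value).strip()
    return value if value in ACCEPTED else "UNRESOLVED"


def find_client_tls_options(node, path="$"):
    """Yield (path, name, verifier) for every ClientTlsOptions declaration."""
    if isinstance(node, dict):
        if node.get("type") == "ClientTlsOptions":
            config = node.get("config")
            if not isinstance(config, dict):
                config = {}
            yield path, node.get("name", "<inline>"), effective_verifier(config)
        for key, child in node.items():
            yield from find_client_tls_options(child, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from find_client_tls_options(child, f"{path}[{index}]")


def audit(text):
    """Return the declarations whose verifier is anything other than STRICT."""
    return [hit for hit in find_client_tls_options(json.loads(text)) if hit[2] != "STRICT"]


if __name__ == "__main__":
    for path, name, verifier in audit(SAMPLE):
        print(f"{verifier:10} {name:12} {path}")
```
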


  • Constructor Details

    • ClientTlsOptionsHeaplet

      public ClientTlsOptionsHeaplet()
  • Method Details

    • tlsOptions

      protected TlsOptions tlsOptions(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn) throws HeapException
      Factory method creating appropriate TlsOptions.
      Parameters:
      algorithm - the SSL context algorithm name
      keyManagers - the array of KeyManagers to use
      trustManagers - the array of TrustManagers to use
      ciphers - the list of cipher suites to be enabled
      protocols - the list of protocols to be enabled
      enableAlpn - indicates whether ALPN (Application Layer Protocol Negotiation, a TLS extension) is enabled
      Returns:
      new TlsOptions subtype
      Throws:
      HeapException - should there be a configuration error
    • create

      public Object create() throws HeapException
      Description copied from class: GenericHeaplet
      Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.
      Specified by:
      create in class GenericHeaplet
      Returns:
      The created object.
      Throws:
      HeapException - if an exception occurred during creation of the heap object or any of its dependencies.