Package org.forgerock.openig.tools

Class ServerTlsOptions

java.lang.Object

org.forgerock.openig.tools.TlsOptions

org.forgerock.openig.tools.ServerTlsOptions

public class ServerTlsOptions
extends TlsOptions

Extension to TlsOptions supporting client authentication configuration used to drive the authentication negotiation between the client and IG.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	ServerTlsOptions.ClientAuthentication	Enum representing the client authentication configuration options driving authentication negotiations between IG and the client.
static final record	ServerTlsOptions.SniConfiguration	A SNI (Server Name Indication) configuration holder.

Constructor Summary

Constructors

Constructor	Description
ServerTlsOptions(String algorithm, KeyManager[] managers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn, ServerTlsOptions.ClientAuthentication clientAuth)	Constructs TLS options with provided values.
ServerTlsOptions(String algorithm, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn, ServerTlsOptions.ClientAuthentication clientAuth, ServerTlsOptions.SniConfiguration sniConfiguration)	Constructs TLS options with provided values.

Method Summary

Modifier and Type	Method	Description
ServerTlsOptions.ClientAuthentication	getClientAuthentication()	Return the configured ServerTlsOptions.ClientAuthentication required.
Optional<ServerTlsOptions.SniConfiguration>	sniConfiguration()	Get the SNI Configuration if any.

Methods inherited from class org.forgerock.openig.tools.TlsOptions

getAlgorithm, getCipherSuitesArray, getCipherSuitesList, getEnabledProtocolsArray, getEnabledProtocolsList, getKeyManagers, getTrustManagers, isAlpnEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ServerTlsOptions

public ServerTlsOptions(String algorithm,
 KeyManager[] managers,
 TrustManager[] trustManagers,
 List<String> ciphers,
 List<String> protocols,
 boolean enableAlpn,
 ServerTlsOptions.ClientAuthentication clientAuth)

Constructs TLS options with provided values. The KeyManager is used for server authentication.

Parameters:

algorithm - SSL algorithm (not null)

managers - array of KeyManager (not null)

trustManagers - array of TrustManager (may be null)

ciphers - list of cipher suites to be enabled (may be empty for JVM default)

protocols - list of protocols to be enabled (may be empty for JVM default)

enableAlpn - enable the ALPN TLS extension

clientAuth - required level of client authentication (not null)

ServerTlsOptions

public ServerTlsOptions(String algorithm,
 TrustManager[] trustManagers,
 List<String> ciphers,
 List<String> protocols,
 boolean enableAlpn,
 ServerTlsOptions.ClientAuthentication clientAuth,
 ServerTlsOptions.SniConfiguration sniConfiguration)

Constructs TLS options with provided values. The ServerTlsOptions.SniConfiguration is used for server authentication.

Parameters:

algorithm - SSL algorithm (not null)

trustManagers - array of TrustManager (may be null)

ciphers - list of cipher suites to be enabled (may be empty for JVM default)

protocols - list of protocols to be enabled (may be empty for JVM default)

enableAlpn - enable the ALPN TLS extension

clientAuth - required level of client authentication (not null)

sniConfiguration - The SNI configuration (not null)

Method Details

sniConfiguration

public Optional<ServerTlsOptions.SniConfiguration> sniConfiguration()

Get the SNI Configuration if any.

Returns:

the SNI Configuration if any

getClientAuthentication

public ServerTlsOptions.ClientAuthentication getClientAuthentication()

Return the configured ServerTlsOptions.ClientAuthentication required.

Returns:

the client authentication