Package org.forgerock.openig.security

Class ClientTlsOptionsHeaplet

java.lang.Object

org.forgerock.openig.heap.GenericHeaplet

org.forgerock.openig.security.ClientTlsOptionsHeaplet

All Implemented Interfaces:

Heaplet

public class ClientTlsOptionsHeaplet
extends GenericHeaplet

Creates and initializes client-side TLS options in a heap environment.

 
  {
    "type": "ClientTlsOptions",
    "config": {
      ... parameters inherited from TlsOptionsHeaplet ...
      "hostnameVerifier"           : Either STRICT or ALLOW_ALL
                                     Defaults to STRICT              [OPTIONAL]
    }
  }
 
 

Note: This implementation verifies hostnames for outgoing SSL connections by default. If this gateway accesses the SSL endpoint using a raw IP address rather than a fully-qualified hostname, then you need to configure hostnameVerifier to ALLOW_ALL.
Accepted values are:

• STRICT (the default)
• ALLOW_ALL

See TlsOptionsHeaplet for a summary of the inherited configuration options.

See Also:

TlsOptionsHeaplet

Field Summary

Fields inherited from class org.forgerock.openig.heap.GenericHeaplet

config, heap, name, object, qualified

Constructor Summary

Constructors

Constructor	Description
ClientTlsOptionsHeaplet()

Method Summary

Modifier and Type	Method	Description
Object	create()	Called to request the heaplet create an object.
protected TlsOptions	tlsOptions(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn)	Factory method creating appropriate TlsOptions.

Methods inherited from class org.forgerock.openig.heap.GenericHeaplet

create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ClientTlsOptionsHeaplet

public ClientTlsOptionsHeaplet()

Method Detail

tlsOptions

protected TlsOptions tlsOptions(String algorithm,
                                KeyManager[] keyManagers,
                                TrustManager[] trustManagers,
                                List<String> ciphers,
                                List<String> protocols,
                                boolean enableAlpn)
                         throws HeapException

Factory method creating appropriate TlsOptions.

Parameters:

algorithm - the SSL context algorithm name

keyManagers - the array of KeyManagers to use

trustManagers - the array of TrustManagers to use

ciphers - the array of cipher suites to be enabled

protocols - the array of protocols to be enabled

enableAlpn - indicate if ALPN (Application Layer Protocol Negotiation, a TLS extension) enabled

Returns:

new TlsOptions subtype

Throws:

HeapException - should there be a configuration error

create

public Object create()
              throws HeapException

Description copied from class: GenericHeaplet

Called to request the heaplet create an object. Called by Heaplet.create(Name, JsonValue, Heap) after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by the GenericHeaplet.start() method.

Specified by:

create in class GenericHeaplet

Returns:

The created object.

Throws:

HeapException - if an exception occurred during creation of the heap object or any of its dependencies.