public final class SSLUtils extends Object
Modifier and Type | Field and Description |
---|---|
static String |
SSL_SESSION_IDENTITY_KEY
The key used to store the authenticated
SecurityIdentity onto the SSLSession . |
Modifier and Type | Method and Description |
---|---|
static <R> R |
computeIfAbsent(SSLSession sslSession,
String key,
Function<String,R> mappingFunction)
Get or compute the value for the given key, storing the computed value (if one is generated).
|
static SSLContext |
createConfiguredSslContext(SSLContext original,
SSLConfigurator sslConfigurator)
Create a configured SSL context from an outside SSL context.
|
static SSLContext |
createConfiguredSslContext(SSLContext original,
SSLConfigurator sslConfigurator,
boolean wrap)
Create a configured SSL context from an outside SSL context.
|
static SecurityFactory<SSLContext> |
createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory,
SSLConfigurator sslConfigurator)
Create a configured SSL context factory from an outside SSL context.
|
static SecurityFactory<SSLEngine> |
createDispatchingSSLEngineFactory(SSLContextSelector selector)
Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information
in the SSL greeting.
|
static SNIMatcher |
createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate)
Create an
SNIMatcher which matches SNI host names that satisfy the given predicate. |
static SNIMatcher |
createHostNameStringPredicateSNIMatcher(Predicate<String> predicate)
Create an
SNIMatcher which matches SNI host name strings that satisfy the given predicate. |
static SNIMatcher |
createHostNameStringSNIMatcher(String string)
Create an
SNIMatcher which matches SNI host names that are equal to the given (ASCII) string. |
static SNIMatcher |
createHostNameSuffixSNIMatcher(String suffix)
Create an
SNIMatcher which matches SNI host name strings which end with the given suffix. |
static SSLEngine |
createSelectingSSLEngine(SSLContextSelector selector)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the
SSL greeting.
|
static SSLEngine |
createSelectingSSLEngine(SSLContextSelector selector,
String host,
int port)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the
SSL greeting.
|
static SecurityFactory<SSLContext> |
createSimpleSslContextFactory(String protocol,
Provider provider)
Create a simple security factory for SSL contexts.
|
static SecurityFactory<SSLContext> |
createSslContextFactory(ProtocolSelector protocolSelector,
Supplier<Provider[]> providerSupplier)
Create an SSL context factory which locates the best context by searching the preferred providers in order using
the rules established in the given protocol selector.
|
static SecurityFactory<SSLContext> |
createSslContextFactory(ProtocolSelector protocolSelector,
Supplier<Provider[]> providerSupplier,
String providerName)
Create an SSL context factory which locates the best context by searching the preferred providers in order using
the rules established in the given protocol selector.
|
static SecurityFactory<X509TrustManager> |
getDefaultX509TrustManagerSecurityFactory()
Get the platform's default X.509 trust manager security factory.
|
static Object |
getOrDefault(SSLSession sslSession,
String key,
Object defaultValue)
Get the value of the given key from the SSL session, or a default value if the key is not set.
|
static Object |
putSessionValueIfAbsent(SSLSession sslSession,
String key,
Object newValue)
Put a value on the session if the value is not yet set.
|
static Object |
removeSessionValue(SSLSession sslSession,
String key)
Remove and return a value on the session.
|
static boolean |
removeSessionValue(SSLSession sslSession,
String key,
Object value)
Remove the given key-value pair on the session.
|
static Object |
replaceSessionValue(SSLSession sslSession,
String key,
Object newValue)
Replace the given key's value with a new value.
|
static boolean |
replaceSessionValue(SSLSession sslSession,
String key,
Object oldValue,
Object newValue)
Replace the given key's value with a new value if (and only if) it is mapped to the given existing value.
|
public static final String SSL_SESSION_IDENTITY_KEY
SecurityIdentity
onto the SSLSession
.public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier)
protocolSelector
- the protocol selectorproviderSupplier
- the provider supplierpublic static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier, String providerName)
protocolSelector
- the protocol selectorproviderSupplier
- the provider supplierproviderName
- the provider name to select, or null
to allow anypublic static SecurityFactory<SSLContext> createSimpleSslContextFactory(String protocol, Provider provider)
protocol
- the protocol nameprovider
- the provider to usepublic static SSLContext createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator)
original
- the original SSL contextsslConfigurator
- the SSL configuratorpublic static SSLContext createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator, boolean wrap)
original
- the original SSL contextsslConfigurator
- the SSL configuratorwrap
- should the resulting SSLEngine, SSLSocket, and SSLServerSocket instances be wrapped using the configurator.public static SecurityFactory<SSLContext> createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory, SSLConfigurator sslConfigurator)
OneTimeSecurityFactory
instance.originalFactory
- the original SSL context factorysslConfigurator
- the SSL configuratorpublic static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory()
public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector)
selector
- the context selector to use (cannot be null
)null
)public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector, String host, int port)
selector
- the context selector to use (cannot be null
)host
- the advisory host nameport
- the advisory port numbernull
)public static SNIMatcher createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate)
SNIMatcher
which matches SNI host names that satisfy the given predicate.predicate
- the predicate (must not be null
)null
)public static SNIMatcher createHostNameStringPredicateSNIMatcher(Predicate<String> predicate)
SNIMatcher
which matches SNI host name strings that satisfy the given predicate.predicate
- the predicate (must not be null
)null
)IDN
public static SNIMatcher createHostNameStringSNIMatcher(String string)
SNIMatcher
which matches SNI host names that are equal to the given (ASCII) string.string
- the host name string (must not be null
)null
)IDN
public static SNIMatcher createHostNameSuffixSNIMatcher(String suffix)
SNIMatcher
which matches SNI host name strings which end with the given suffix.suffix
- the suffix to match (must not be null
or empty)null
)public static SecurityFactory<SSLEngine> createDispatchingSSLEngineFactory(SSLContextSelector selector)
selector
- the context selector to use (cannot be null
)null
)public static Object getOrDefault(SSLSession sslSession, String key, Object defaultValue)
sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)defaultValue
- the value to return if the key is not presentpublic static Object putSessionValueIfAbsent(SSLSession sslSession, String key, Object newValue)
sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)newValue
- the value to set (must not be null
)null
if the value was successfully setpublic static Object removeSessionValue(SSLSession sslSession, String key)
sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)null
if no such value was setpublic static boolean removeSessionValue(SSLSession sslSession, String key, Object value)
sslSession
- the SSL session (must not be null
)key
- the key to remove (must not be null
)value
- the value to remove (must not be null
)true
if the key/value pair was removed, false
if the key was not present or the value was not equal to the given valuepublic static Object replaceSessionValue(SSLSession sslSession, String key, Object newValue)
sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)newValue
- the value to set (must not be null
)null
if the value was not setpublic static boolean replaceSessionValue(SSLSession sslSession, String key, Object oldValue, Object newValue)
sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)oldValue
- the value to match (must not be null
)newValue
- the value to set (must not be null
)true
if the value was matched and replaced, or false
if the value did not match and no action was takenpublic static <R> R computeIfAbsent(SSLSession sslSession, String key, Function<String,R> mappingFunction)
null
value or an unspecified exception will result.sslSession
- the SSL session (must not be null
)key
- the key to retrieve (must not be null
)mappingFunction
- the function to apply to acquire the value (must not be null
)null
)Copyright © 2017 JBoss by Red Hat. All rights reserved.