Package org.faceless.publisher.type
Class SSLURLConnectionProcessor
java.lang.Object
org.faceless.publisher.type.AbstractURLConnectionProcessor
org.faceless.publisher.type.SSLURLConnectionProcessor
- All Implemented Interfaces:
URLConnectionProcessor
A URLConnectionProcessor which can be used to add SSL client certificates, to modify the list of trusted certificates, or to modify other parameters of any TLS-based network connection.
Multiple SSLURLConnectionProcessors can exist - they will be combined into a single SSLContext.
-
Field Summary
Fields (Modifier and Type, Field, Description):
static final SSLURLConnectionProcessor DEFAULT - A shared SSLURLConnectionProcessor which uses the default SSL context.
static final SSLURLConnectionProcessor INSECURE - A shared SSLURLConnectionProcessor which trusts all certificates presented to it.
static final SSLURLConnectionProcessor MOZILLACA - A shared SSLURLConnectionProcessor which uses the "Mozilla CA Certificates" as its list of trusted certs.
-
Constructor Summary
Constructors (Constructor, Description):
SSLURLConnectionProcessor() - Create a new SSLURLConnectionProcessor which does nothing.
SSLURLConnectionProcessor(KeyStore trust, KeyStore identity, char[] password, Provider provider) - Create a new SSLURLConnectionProcessor
SSLURLConnectionProcessor(URL2 trust, URL2 identity, char[] password, ReportFactory reportFactory) - Create a new SSLURLConnectionProcessor
-
Method Summary
Methods (Modifier and Type, Method, Description):
getHostnameVerifier - Get the HostnameVerifier, as set by setHostnameVerifier(javax.net.ssl.HostnameVerifier)
getKeyManagers - Return the list of KeyManagers to be searched for identity information (typically an X.509 Client certificate) when opening an SSL connection.
getSSLContext(SSLContext ctx) - Return the modified or replaced SSLContext to use for any SSL network connections.
getTrustManagers - Return the list of TrustManagers to be used to determine whether an SSL connection is trustworthy
void setHostnameVerifier - Set the HostnameVerifier.
Methods inherited from class org.faceless.publisher.type.AbstractURLConnectionProcessor
after, before, getMatches, matches
-
Field Details
-
INSECURE
A shared SSLURLConnectionProcessor which trusts all certificates presented to it. This can be used for testing with self-signed certificates.
-
DEFAULT
A shared SSLURLConnectionProcessor which uses the default SSL context. This is the only URLConnectionProcessor set by default in ReportFactory.getURLConnectionProcessors()
-
MOZILLACA
A shared SSLURLConnectionProcessor which uses the "Mozilla CA Certificates" as its list of trusted certs. This is an alternative to the default set provided by DEFAULT. The list is bundled with BFO Publisher.
-
-
Constructor Details
-
SSLURLConnectionProcessor
public SSLURLConnectionProcessor()
Create a new SSLURLConnectionProcessor which does nothing.
-
SSLURLConnectionProcessor
public SSLURLConnectionProcessor(KeyStore trust, KeyStore identity, char[] password, Provider provider) throws KeyStoreException, UnrecoverableKeyException
Create a new SSLURLConnectionProcessor
- Parameters:
trust - if not null, the KeyStore containing the trusted X509 roots
identity - if not null, the KeyStore containing X509 client certificates
password - if identity is not null, the password to access the certificates
provider - if not null, the provider to use to create the TrustManager and KeyManagers
- Throws:
KeyStoreException
UnrecoverableKeyException
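An added example, not part of the BFO Publisher documentation: for testing against a self-signed server, the KeyStore constructor above can trust that one certificate rather than everything, as INSECURE does. The class name, method names, file paths and alias are hypothetical; the ReportFactory package and a modifiable List returned by getURLConnectionProcessors() are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.faceless.publisher.ReportFactory;   // assumed package for ReportFactory
import org.faceless.publisher.type.SSLURLConnectionProcessor;

public class SelfSignedTrustExample {

    /** Trust store holding exactly one certificate, read from a PEM or DER file. */
    static KeyStore trustOnly(Path serverCert) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(serverCert)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        cert.checkValidity();                  // reject an expired or not-yet-valid cert up front
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);                // start from an empty in-memory store
        trust.setCertificateEntry("test-server", cert);   // alias is arbitrary
        return trust;
    }

    /** Optional client identity from a PKCS#12 file; null means no client certificate. */
    static KeyStore identity(Path p12, char[] password) throws Exception {
        if (p12 == null) return null;
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(p12)) {
            ks.load(in, password);
        }
        return ks;
    }

    static void register(ReportFactory factory, Path serverCert, Path p12, char[] password)
            throws Exception {
        KeyStore trust = trustOnly(serverCert);
        KeyStore id = identity(p12, password);
        // provider == null: no specific provider requested (see the parameter list above).
        // No HostnameVerifier is set, so the default hostname check stays in force.
        SSLURLConnectionProcessor proc =
                new SSLURLConnectionProcessor(trust, id, password, null);
        // Assumption: getURLConnectionProcessors() returns a modifiable List.
        factory.getURLConnectionProcessors().add(proc);
    }
}
```

The page states that multiple processors are combined into a single SSLContext and that DEFAULT is set by default, so confirm in a test which roots the combined context accepts.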
-
SSLURLConnectionProcessor
public SSLURLConnectionProcessor(URL2 trust, URL2 identity, char[] password, ReportFactory reportFactory) throws IOException, KeyStoreException, UnrecoverableKeyException
Create a new SSLURLConnectionProcessor
- Parameters:
trust - if not null, the URL of the KeyStore containing the trusted X509 roots
identity - if not null, the URL of the KeyStore containing X509 client certificates
password - if identity is not null, the password to access the certificates
reportFactory - the ReportFactory (required), which will be used to load the KeyStores.
- Throws:
IOException
KeyStoreException
UnrecoverableKeyException
-
-
Method Details
-
getHostnameVerifier
Get the HostnameVerifier, as set by setHostnameVerifier(javax.net.ssl.HostnameVerifier)
-
setHostnameVerifier
Set the HostnameVerifier. If multiple SSLURLConnectionProcessor objects are used, their HostnameVerifiers will all be checked in sequence. If all of them are null, the default HostnameVerifier is used.
- Parameters:
hv - the HostnameVerifier, or null to use the system default.
-
getTrustManagers
Return the list of TrustManagers to be used to determine whether an SSL connection is trustworthy
- Returns:
a modifiable list of TrustManager objects
- Throws:
Exception
-
getKeyManagers
Return the list of KeyManagers to be searched for identity information (typically an X.509 Client certificate) when opening an SSL connection.
- Returns:
a modifiable list of KeyManager objects
- Throws:
Exception
-
getSSLContext
Return the modified or replaced SSLContext to use for any SSL network connections. The SSLContext generated from all the SSLURLConnectionProcessor objects available is passed in - it can be modified by this method (for example, to change the SSLParameters) or completely replaced. The return value of this method will be passed into the next SSLURLConnectionProcessor in the chain, and the return value from the final one is applied to any SSL network connections.
- Returns:
the SSLContext to use - defaults to "ctx"
- Throws:
Exception
-