eu.emi.security.authn.x509.impl
Class SocketFactoryCreator

java.lang.Object
  extended by eu.emi.security.authn.x509.impl.SocketFactoryCreator

public class SocketFactoryCreator
extends Object

Simple utility allowing programmers to quickly create SSL socket factories using X509CertChainValidator.

Author:
K. Benedyczak

Constructor Summary
SocketFactoryCreator()
           
 
Method Summary
static void connectWithHostnameChecking(SSLSocket socket, HostnameMismatchCallback callback)
          This method, invoked on an initialized SSL socket, performs the initial handshake (if necessary) and then checks whether the peer's hostname matches its certificate.
static SSLServerSocketFactory getServerSocketFactory(X509Credential c, X509CertChainValidator v)
          Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using a SecureRandom implementation as the last argument.
static SSLServerSocketFactory getServerSocketFactory(X509Credential c, X509CertChainValidator v, SecureRandom r)
          Returns an SSLServerSocketFactory configured to check client certificates with a provided validator.
static SSLSocketFactory getSocketFactory(X509Credential c, X509CertChainValidator v)
          Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using a SecureRandom implementation as the last argument.
static SSLSocketFactory getSocketFactory(X509Credential c, X509CertChainValidator v, SecureRandom r)
          Returns an SSLSocketFactory configured to check servers' certificates with a provided validator.
static SSLContext getSSLContext(X509Credential c, X509CertChainValidator v, SecureRandom r)
          Low-level interface.
static X509TrustManager getSSLTrustManager(X509CertChainValidator v)
          Creates an SSL trust manager which uses the provided validator.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SocketFactoryCreator

public SocketFactoryCreator()

Method Detail

getSSLTrustManager

public static X509TrustManager getSSLTrustManager(X509CertChainValidator v)
Creates an SSL trust manager which uses the provided validator.

Parameters:
v - validator to use for certificate validation
Returns:
ready to use TrustManager

getSSLContext

public static SSLContext getSSLContext(X509Credential c,
                                       X509CertChainValidator v,
                                       SecureRandom r)
Low-level interface. It can be used to get an SSLContext object initialized with the provided credential and validator.

Parameters:
c - credential to use for the created sockets. If null, an anonymous socket will be created, which is useful only on the client side.
v - validator to use for certificate validation
r - implementation providing random numbers
Returns:
initialized SSLContext object

getServerSocketFactory

public static SSLServerSocketFactory getServerSocketFactory(X509Credential c,
                                                            X509CertChainValidator v,
                                                            SecureRandom r)
Returns an SSLServerSocketFactory configured to check client certificates with a provided validator. Server socket will use the provided credentials.

Parameters:
c - credential to use for the server socket
v - validator to use for client's validation
r - implementation providing random numbers
Returns:
configured SSLServerSocketFactory

getServerSocketFactory

public static SSLServerSocketFactory getServerSocketFactory(X509Credential c,
                                                            X509CertChainValidator v)
Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using a SecureRandom implementation as the last argument. Note that this method might block if the machine does not have enough system entropy. Using this method to set up automated test environments is not recommended; it is, however, suitable for production setups.


getSocketFactory

public static SSLSocketFactory getSocketFactory(X509Credential c,
                                                X509CertChainValidator v,
                                                SecureRandom r)
Returns an SSLSocketFactory configured to check servers' certificates with a provided validator. Client socket will use the provided credentials.

Parameters:
c - credential to use for the client socket
v - validator to use for server's validation
r - implementation providing random numbers
Returns:
configured SSLSocketFactory

getSocketFactory

public static SSLSocketFactory getSocketFactory(X509Credential c,
                                                X509CertChainValidator v)
Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) using a SecureRandom implementation as the last argument. Note that this method might block if the machine does not have enough system entropy. Using this method to set up automated test environments is not recommended; it is, however, suitable for production setups.


connectWithHostnameChecking

public static void connectWithHostnameChecking(SSLSocket socket,
                                               HostnameMismatchCallback callback)
                                        throws SSLPeerUnverifiedException
This method, invoked on an initialized SSL socket, performs the initial handshake (if necessary) and then checks whether the peer's hostname matches its certificate. The reaction to a mismatch must be handled by the provided callback.

Parameters:
socket - socket to be checked
callback - invoked when there is a mismatch.
Throws:
SSLPeerUnverifiedException - if the peer was not verified
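
Added usage example (not part of the original Javadoc or the library's own code): a client that obtains its factory from getSocketFactory with an explicit SecureRandom and then treats a hostname mismatch as fatal, since the reaction to a mismatch is left entirely to the callback. StrictTlsClient and connect are hypothetical names; the package of X509Credential and X509CertChainValidator and the nameMismatch(SSLSocket, X509Certificate, String) callback signature are assumptions, as neither is shown on this page.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Package names below are assumed; this page shows only the impl package.
import eu.emi.security.authn.x509.X509CertChainValidator;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.HostnameMismatchCallback;
import eu.emi.security.authn.x509.impl.SocketFactoryCreator;

/** Hypothetical helper: chain validation plus a fail-closed hostname check. */
public final class StrictTlsClient {

    public static SSLSocket connect(String host, int port, X509Credential credential,
            X509CertChainValidator validator) throws IOException {
        // Three-argument overload: the caller chooses the SecureRandom.
        SSLSocketFactory factory = SocketFactoryCreator.getSocketFactory(
                credential, validator, new SecureRandom());
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);

        final AtomicBoolean mismatch = new AtomicBoolean(false);
        // Assumed callback signature (not documented on this page). The callback
        // only records the mismatch; the decision is enforced below, so this
        // code does not depend on how the library treats callback exceptions.
        HostnameMismatchCallback recordMismatch = new HostnameMismatchCallback() {
            @Override
            public void nameMismatch(SSLSocket s, X509Certificate peerCertificate,
                    String hostName) {
                mismatch.set(true);
            }
        };

        boolean verified = false;
        try {
            // Performs the handshake if needed, then the hostname check.
            SocketFactoryCreator.connectWithHostnameChecking(socket, recordMismatch);
            if (mismatch.get()) {
                throw new SSLPeerUnverifiedException(
                        "Peer certificate does not match host " + host);
            }
            verified = true;
            return socket;
        } finally {
            if (!verified) {
                socket.close(); // never hand an unverified socket to the caller
            }
        }
    }
}
```

The socket is returned only after both the validator and the hostname check have passed; every other path closes it before the exception reaches the caller.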


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.