Class SslDomainImpl
- java.lang.Object
-
- org.apache.qpid.proton.engine.impl.ssl.SslDomainImpl
-
- All Implemented Interfaces:
ProtonSslEngineProvider
,ProtonJSslDomain
,SslDomain
public class SslDomainImpl extends java.lang.Object implements SslDomain, ProtonSslEngineProvider, ProtonJSslDomain
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.qpid.proton.engine.SslDomain
SslDomain.Factory, SslDomain.Mode, SslDomain.VerifyMode
-
-
Constructor Summary
Constructors Constructor Description SslDomainImpl()
Application code should useSslDomain.Factory.create()
instead.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
allowUnsecuredClient()
void
allowUnsecuredClient(boolean allowUnsecured)
Permit a server to accept connection requests from non-SSL clients.ProtonSslEngine
createSslEngine(SslPeerDetails peerDetails)
Returns an SSL engine.java.lang.String
getCertificateFile()
SslDomain.Mode
getMode()
SslDomain.VerifyMode
getPeerAuthentication()
java.lang.String
getPrivateKeyFile()
java.lang.String
getPrivateKeyPassword()
javax.net.ssl.SSLContext
getSslContext()
Returns the SSLContext set bySslDomain.setSslContext(SSLContext)
.java.lang.String
getTrustedCaDb()
void
init(SslDomain.Mode mode)
Initialize the ssl domain object.void
setCredentials(java.lang.String certificateFile, java.lang.String privateKeyFile, java.lang.String privateKeyPassword)
Set the certificate that identifies the local node to the remote.void
setPeerAuthentication(SslDomain.VerifyMode verifyMode)
Configure the level of verification used on the peer certificate.void
setSslContext(javax.net.ssl.SSLContext sslContext)
Sets an SSLContext for use when establishing SSL transport.void
setTrustedCaDb(java.lang.String certificateDb)
Configure the set of trusted CA certificates used by this node to verify peers.java.lang.String
toString()
-
-
-
Constructor Detail
-
SslDomainImpl
public SslDomainImpl()
Application code should useSslDomain.Factory.create()
instead.
-
-
Method Detail
-
init
public void init(SslDomain.Mode mode)
Description copied from interface:SslDomain
Initialize the ssl domain object. An SSL object be either an SSL server or an SSL client. It cannot be both. Those transports that will be used to accept incoming connection requests must be configured as an SSL server. Those transports that will be used to initiate outbound connections must be configured as an SSL client.
-
getMode
public SslDomain.Mode getMode()
-
setCredentials
public void setCredentials(java.lang.String certificateFile, java.lang.String privateKeyFile, java.lang.String privateKeyPassword)
Description copied from interface:SslDomain
Set the certificate that identifies the local node to the remote. This certificate establishes the identity for the local node. It will be sent to the remote if the remote needs to verify the identity of this node. This may be used for both SSL servers and SSL clients (if client authentication is required by the server).- Specified by:
setCredentials
in interfaceSslDomain
- Parameters:
certificateFile
- path to file/database containing the identifying certificate.privateKeyFile
- path to file/database containing the private key used to sign the certificateprivateKeyPassword
- the password used to sign the key, else null if key is not protected.
-
setTrustedCaDb
public void setTrustedCaDb(java.lang.String certificateDb)
Description copied from interface:SslDomain
Configure the set of trusted CA certificates used by this node to verify peers. If the local SSL client/server needs to verify the identity of the remote, it must validate the signature of the remote's certificate. This function sets the database of trusted CAs that will be used to verify the signature of the remote's certificate.- Specified by:
setTrustedCaDb
in interfaceSslDomain
- Parameters:
certificateDb
- database of trusted CAs, used to authenticate the peer.
-
getTrustedCaDb
public java.lang.String getTrustedCaDb()
- Specified by:
getTrustedCaDb
in interfaceSslDomain
-
setSslContext
public void setSslContext(javax.net.ssl.SSLContext sslContext)
Description copied from interface:SslDomain
Sets an SSLContext for use when establishing SSL transport. Setting a context this way overrides alternate configuration that might otherwise have been used to create a context, such as key and trust store paths.- Specified by:
setSslContext
in interfaceSslDomain
- Parameters:
sslContext
- the context to use
-
getSslContext
public javax.net.ssl.SSLContext getSslContext()
Description copied from interface:SslDomain
Returns the SSLContext set bySslDomain.setSslContext(SSLContext)
.- Specified by:
getSslContext
in interfaceSslDomain
- Returns:
- the SSLContext, or null if none was set.
-
setPeerAuthentication
public void setPeerAuthentication(SslDomain.VerifyMode verifyMode)
Description copied from interface:SslDomain
Configure the level of verification used on the peer certificate. This method controls how the peer's certificate is validated, if at all. By default, neither servers nor clients attempt to verify their peers (SslDomain.VerifyMode.ANONYMOUS_PEER
). Once certificates and trusted CAs are configured, peer verification can be enabled. In order to verify a peer, a trusted CA must be configured. SeeSslDomain.setTrustedCaDb(String)
. NOTE: Servers must provide their own certificate when verifying a peer. SeeSslDomain.setCredentials(String, String, String)
).- Specified by:
setPeerAuthentication
in interfaceSslDomain
- Parameters:
verifyMode
- the level of validation to apply to the peer
-
getPeerAuthentication
public SslDomain.VerifyMode getPeerAuthentication()
- Specified by:
getPeerAuthentication
in interfaceSslDomain
-
getPrivateKeyFile
public java.lang.String getPrivateKeyFile()
- Specified by:
getPrivateKeyFile
in interfaceSslDomain
-
getPrivateKeyPassword
public java.lang.String getPrivateKeyPassword()
- Specified by:
getPrivateKeyPassword
in interfaceSslDomain
-
getCertificateFile
public java.lang.String getCertificateFile()
- Specified by:
getCertificateFile
in interfaceSslDomain
-
allowUnsecuredClient
public void allowUnsecuredClient(boolean allowUnsecured)
Description copied from interface:SslDomain
Permit a server to accept connection requests from non-SSL clients. This configures the server to "sniff" the incoming client data stream, and dynamically determine whether SSL/TLS is being used. This option is disabled by default: only clients using SSL/TLS are accepted.- Specified by:
allowUnsecuredClient
in interfaceSslDomain
-
allowUnsecuredClient
public boolean allowUnsecuredClient()
- Specified by:
allowUnsecuredClient
in interfaceSslDomain
-
createSslEngine
public ProtonSslEngine createSslEngine(SslPeerDetails peerDetails)
Description copied from interface:ProtonSslEngineProvider
Returns an SSL engine.- Specified by:
createSslEngine
in interfaceProtonSslEngineProvider
- Parameters:
peerDetails
- the details of the remote peer. If non-null, may be used to assist SSL session resumption.
-
toString
public java.lang.String toString()
- Overrides:
toString
in classjava.lang.Object
-
-