SslConf

java.lang.Object
- bayou.ssl.SslConf

public class SslConf
extends Object

SSL configuration.

This class is basically a builder for SSLContext from key-store and/or trust-store files. For example:

     SSLContext context = new SslConf()
         .keyStoreFile("my-certs.jks)
         .keyStorePass("password")
         .keyManagerFactoryAlgorithm("PKIX")
         .createContext();

Constructor Summary

Constructors
Constructor and Description

SslConf()
Create an SslConf with default values.

Constructors
Constructor and Description
`SslConf()` Create an SslConf with default values.

Method Summary

Instance Methods
`SslConf`	`keyStoreFile(String keyStoreFile)` The key store file path.
`SslConf`	`keyStorePass(String keyStorePass)` The key store file password.
`SslConf`	`keyStoreType(String keyStoreType)` The keys tore file type.
`SslConf`	`keyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)` Algorithm for KeyManagerFactory.
`SslConf`	`trustStoreFile(String trustStoreFile)` The trust store file path.
`SslConf`	`trustStorePass(String trustStorePass)` The trust store file password.
`SslConf`	`trustStoreType(String trustStoreType)` The trust store file type.
`SslConf`	`trustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)` Algorithm for KeyManagerFactory.
`SslConf`	`trustAll()` Use a TrustManager that accept all peer certificates, including all self-signed ones.
`SslConf`	`contextProtocol(String contextProtocol)` The protocol for `SSLContext.getInstance(protocol)`
`SSLContext`	`createContext()` Create an SSLContext.
`KeyManager[]`	`createKeyManagers()` Create key managers.
`TrustManager[]`	`createTrustManagers()` Create trust managers.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SslConf
```
public SslConf()
```
    Create an SslConf with default values.
- Method Detail
  - keyStoreFile
```
public SslConf keyStoreFile(String keyStoreFile)
```
    The key store file path.
    default: null (none)
    
    This file contains private keys used for local certificates.
    
    For server, this field usually should be non-null.
    
    For client, this field usually is null, unless client certificate is required.
    
    Returns:
    
    `this`
  - keyStorePass
```
public SslConf keyStorePass(String keyStorePass)
```
    The key store file password.
    default: null
    
    This field must be non-null if `keyStoreFile` is non-null.
    
    This password is both for the file, and for all private keys in the file.
    
    Returns:
    
    `this`
  - keyStoreType
```
public SslConf keyStoreType(String keyStoreType)
```
    The keys tore file type. This value is used for KeyStore.getInstance(type).
    default: KeyStore.getDefaultType()
    
    See standard values, including "jks", "pkcs12" etc.
    
    On Sun/Oracle JRE, the factory-default value is "jks".
    
    Returns:
    
    `this`
  - keyManagerFactoryAlgorithm
```
public SslConf keyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
```
    Algorithm for KeyManagerFactory. This value is used for KeyManagerFactory.getInstance(algorithm)
    default: KeyManagerFactory.getDefaultAlgorithm()
    
    See standard values, including "PKIX".
    
    On Sun/Oracle JRE, supported values include "PKIX", "SunX509", "NewSunX509". The factory-default value is "SunX509", which is probably fine for most use cases; However, apparently "SunX509" does not support SNI at this point, and "PKIX" does. Try "PKIX" if SNI support is required.
    
    Returns:
    
    `this`
  - trustStoreFile
```
public SslConf trustStoreFile(String trustStoreFile)
```
    The trust store file path.
    default: null (system default)
    
    This file contains root certificates for validating peer certificates.
    
    If null, a system default trust store is used, which is usually "JAVA-HOME/lib/security/cacerts". See details at JSSE Guide, starting at "Note: If a null KeyStore parameter is passed to ..."
    
    If null, `trustStorePass`, `trustStoreType`, and `trustManagerFactoryAlgorithm` configurations are irrelevant and ignored.
    
    For server, this field usually can be null, unless the server needs to validate client certificates with non-standard CAs.
    
    For client, this field usually can be null, unless the client needs to validate server certificates with non-standard CAs.
    
    Note that the same key store file for the server can be used as the trust store for the client; this is convenient for local testing with self-signed certificates.
    
    See also trustAll().
    
    Returns:
    
    `this`
  - trustStorePass
```
public SslConf trustStorePass(String trustStorePass)
```
    The trust store file password.
    default: null
    
    This password is only used to check the integrity of the trust store file. It is not required even if `trustStoreFile` is non-null.
    
    Note that the factory-default password for "JAVA-HOME/lib/security/cacerts" is "changeit".
    
    Returns:
    
    `this`
  - trustStoreType
```
public SslConf trustStoreType(String trustStoreType)
```
    The trust store file type. This value is used for KeyStore.getInstance(type) (note that KeyStore class can also represent trust stores).
    default: KeyStore.getDefaultType()
    
    See standard values, including "jks", "pkcs12" etc.
    
    On Sun/Oracle JRE, the factory-default value is "jks".
    
    Returns:
    
    `this`
  - trustManagerFactoryAlgorithm
```
public SslConf trustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
```
    Algorithm for KeyManagerFactory. This value is used for TrustManagerFactory.getInstance(algorithm)
    default: TrustManagerFactory.getDefaultAlgorithm()
    
    See standard values, including "PKIX".
    
    On Sun/Oracle JRE, the factory-default value is "PKIX", which is probably fine for most use cases.
    
    Returns:
    
    `this`
  - trustAll
```
public SslConf trustAll()
```
    Use a TrustManager that accept all peer certificates, including all self-signed ones.
    Some applications may opt to accept all peer certificates during handshake.
    
    `trustAll` and `trustStoreFile` override each other; whichever specified last is the effective setting.
    
    Returns:
    
    `this`
  - contextProtocol
```
public SslConf contextProtocol(String contextProtocol)
```
    The protocol for SSLContext.getInstance(protocol)
    default: "TLS"
    
    See standard values.
    
    The default value "TLS" should be fine for most use cases.
    
    Returns:
    
    `this`
  - createContext
```
public SSLContext createContext()
                         throws Exception
```
    Create an SSLContext.
    This method depends on field
    contextProtocol
    and methods
    createKeyManagers()
    createTrustManagers()
    
    Throws:
    
    Exception
  - createKeyManagers
```
public KeyManager[] createKeyManagers()
                               throws Exception
```
    Create key managers.
    This method depends on fields
    keyStoreFile
    keyStorePass
    keyStoreType
    keyManagerFactoryAlgorithm
    
    Throws:
    
    Exception
  - createTrustManagers
```
public TrustManager[] createTrustManagers()
                                   throws Exception
```
    Create trust managers.
    If trustAll() is specified, return a TrustManager that trust all certificates.
    
    If trustStoreFile==null, return system default TrustManagers.
    
    Otherwise, this method depends on fields
    trustStoreFile
    trustStorePass
    trustStoreType
    trustManagerFactoryAlgorithm
    
    Throws:
    
    Exception

Class SslConf

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SslConf

Method Detail

keyStoreFile

keyStorePass

keyStoreType

keyManagerFactoryAlgorithm

trustStoreFile

trustStorePass

trustStoreType

trustManagerFactoryAlgorithm

trustAll

contextProtocol

createContext

createKeyManagers

createTrustManagers