SSL

java.lang.Object
- org.apache.commons.ssl.SSL

```
public class SSL
extends Object
```
Not thread-safe. (But who would ever share this thing across multiple threads???)

Since:

May 1, 2006

Author:

Credit Union Central of British Columbia, www.cucbc.com, juliusdavies@cucbc.com

Field Summary

Fields
Modifier and Type	Field and Description
`private boolean`	`checkCRL`
`private boolean`	`checkExpiry`
`private boolean`	`checkHostname`
`private int`	`connectTimeout`
`private X509Certificate[]`	`currentClientChain`
`private X509Certificate[]`	`currentServerChain`
`private String`	`defaultProtocol`
`private Map`	`dnsOverride`
`private String[]`	`enabledCiphers`
`private String[]`	`enabledProtocols`
`private HostnameVerifier`	`hostnameVerifier`
`private int`	`initCount`
`private boolean`	`isSecure`
`private KeyMaterial`	`keyMaterial`
`private static String[]`	`KNOWN_PROTOCOLS`
`static SortedSet`	`KNOWN_PROTOCOLS_SET`
`private boolean`	`needClientAuth`
`private SSLServerSocketFactory`	`serverSocketFactory`
`private SSLSocketFactory`	`socketFactory`
`private int`	`soTimeout`
`private Object`	`sslContext`
`private SSLWrapperFactory`	`sslWrapperFactory`
`private static String[]`	`SUPPORTED_CIPHERS`
`static SortedSet`	`SUPPORTED_CIPHERS_SET`
`private TrustChain`	`trustChain`
`private boolean`	`useClientMode`
`private boolean`	`useClientModeDefault`
`protected boolean`	`usingSystemProperties`
`private boolean`	`wantClientAuth`

Constructor Summary

Constructors
Constructor and Description

SSL()

Constructors
Constructor and Description
`SSL()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addTrustMaterial(TrustChain trustChain)`
`ServerSocket`	`createServerSocket()`
`ServerSocket`	`createServerSocket(int port, int backlog, InetAddress localHost)` Attempts to get a new socket connection to the given host within the given time limit.
`Socket`	`createSocket()`
`Socket`	`createSocket(Socket s, String remoteHost, int remotePort, boolean autoClose)`
`Socket`	`createSocket(String remoteHost, int remotePort, InetAddress localHost, int localPort, int timeout)` Attempts to get a new socket connection to the given host within the given time limit.
`private void`	`dirty()`
`private void`	`dirtyAndReloadIfYoung()`
`(package private) String`	`dnsOverride(String host)`
`void`	`doPostConnectSocketStuff(Socket s, String host)`
`void`	`doPreConnectServerSocketStuff(SSLServerSocket s)`
`void`	`doPreConnectSocketStuff(Socket s)`
`X509Certificate[]`	`getAssociatedCertificateChain()`
`boolean`	`getCheckCRL()`
`boolean`	`getCheckExpiry()`
`boolean`	`getCheckHostname()`
`int`	`getConnectTimeout()`
`X509Certificate[]`	`getCurrentClientChain()`
`X509Certificate[]`	`getCurrentServerChain()`
`String[]`	`getDefaultCipherSuites()`
`String`	`getDefaultProtocol()`
`String[]`	`getEnabledCiphers()`
`String[]`	`getEnabledProtocols()`
`HostnameVerifier`	`getHostnameVerifier()`
`boolean`	`getNeedClientAuth()`
`int`	`getSoTimeout()`
`SSLContext`	`getSSLContext()`
`Object`	`getSSLContextAsObject()`
`SSLServerSocketFactory`	`getSSLServerSocketFactory()`
`SSLSocketFactory`	`getSSLSocketFactory()`
`SSLWrapperFactory`	`getSSLWrapperFactory()`
`String[]`	`getSupportedCipherSuites()`
`TrustChain`	`getTrustChain()`
`boolean`	`getUseClientMode()`
`boolean`	`getUseClientModeDefault()`
`boolean`	`getWantClientAuth()`
`private void`	`init()`
`private void`	`initThrowRuntime()`
`boolean`	`isSecure()`
`void`	`setCheckCRL(boolean checkCRL)`
`void`	`setCheckExpiry(boolean checkExpiry)`
`void`	`setCheckHostname(boolean checkHostname)`
`void`	`setConnectTimeout(int connectTimeout)`
`void`	`setCurrentClientChain(X509Certificate[] chain)`
`void`	`setCurrentServerChain(X509Certificate[] chain)`
`void`	`setDefaultProtocol(String protocol)`
`void`	`setDnsOverride(Map m)`
`void`	`setEnabledCiphers(String[] ciphers)`
`void`	`setEnabledProtocols(String[] protocols)`
`void`	`setHostnameVerifier(HostnameVerifier verifier)`
`void`	`setIsSecure(boolean b)`
`void`	`setKeyMaterial(KeyMaterial keyMaterial)`
`void`	`setNeedClientAuth(boolean needClientAuth)`
`void`	`setSoTimeout(int soTimeout)`
`void`	`setSSLWrapperFactory(SSLWrapperFactory wf)`
`void`	`setTrustMaterial(TrustChain trustChain)`
`void`	`setUseClientMode(boolean useClientMode)`
`void`	`setWantClientAuth(boolean wantClientAuth)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

KNOWN_PROTOCOLS

private static final String[] KNOWN_PROTOCOLS

SUPPORTED_CIPHERS

private static final String[] SUPPORTED_CIPHERS

KNOWN_PROTOCOLS_SET

public static final SortedSet KNOWN_PROTOCOLS_SET

SUPPORTED_CIPHERS_SET

public static final SortedSet SUPPORTED_CIPHERS_SET

sslContext
```
private Object sslContext
```

initCount
```
private int initCount
```

socketFactory
```
private SSLSocketFactory socketFactory
```

serverSocketFactory

private SSLServerSocketFactory serverSocketFactory

hostnameVerifier

private HostnameVerifier hostnameVerifier

isSecure
```
private boolean isSecure
```

checkHostname
```
private boolean checkHostname
```

checkCRL
```
private boolean checkCRL
```

checkExpiry
```
private boolean checkExpiry
```

useClientMode
```
private boolean useClientMode
```

useClientModeDefault
```
private boolean useClientModeDefault
```

soTimeout
```
private int soTimeout
```

connectTimeout
```
private int connectTimeout
```

trustChain
```
private TrustChain trustChain
```

keyMaterial
```
private KeyMaterial keyMaterial
```

enabledCiphers
```
private String[] enabledCiphers
```

enabledProtocols
```
private String[] enabledProtocols
```

defaultProtocol
```
private String defaultProtocol
```

currentServerChain

private X509Certificate[] currentServerChain

currentClientChain

private X509Certificate[] currentClientChain

wantClientAuth
```
private boolean wantClientAuth
```

needClientAuth
```
private boolean needClientAuth
```

sslWrapperFactory

private SSLWrapperFactory sslWrapperFactory

dnsOverride
```
private Map dnsOverride
```

usingSystemProperties

protected final boolean usingSystemProperties

Constructor Detail

SSL

public SSL()
    throws GeneralSecurityException,
           IOException

Throws:: GeneralSecurityException; IOException

Method Detail

dirty
```
private void dirty()
```

dirtyAndReloadIfYoung

private void dirtyAndReloadIfYoung()
                            throws NoSuchAlgorithmException,
                                   KeyStoreException,
                                   KeyManagementException,
                                   IOException,
                                   CertificateException

Throws:: NoSuchAlgorithmException; KeyStoreException; KeyManagementException; IOException; CertificateException

dnsOverride
```
String dnsOverride(String host)
```

setDnsOverride
```
public void setDnsOverride(Map m)
```

setIsSecure
```
public void setIsSecure(boolean b)
```

isSecure
```
public boolean isSecure()
```

getSSLContext

public SSLContext getSSLContext()
                         throws GeneralSecurityException,
                                IOException

Throws:: GeneralSecurityException; IOException

getSSLContextAsObject
```
public Object getSSLContextAsObject()
                             throws GeneralSecurityException,
                                    IOException
```
Returns:

com.sun.net.ssl.SSLContext or javax.net.ssl.SSLContext depending on the JSSE implementation we're using.

Throws:

GeneralSecurityException - problem creating SSLContext

IOException - problem creating SSLContext

addTrustMaterial

public void addTrustMaterial(TrustChain trustChain)
                      throws NoSuchAlgorithmException,
                             KeyStoreException,
                             KeyManagementException,
                             IOException,
                             CertificateException

Throws:: NoSuchAlgorithmException; KeyStoreException; KeyManagementException; IOException; CertificateException

setTrustMaterial

public void setTrustMaterial(TrustChain trustChain)
                      throws NoSuchAlgorithmException,
                             KeyStoreException,
                             KeyManagementException,
                             IOException,
                             CertificateException

Throws:: NoSuchAlgorithmException; KeyStoreException; KeyManagementException; IOException; CertificateException

setKeyMaterial

public void setKeyMaterial(KeyMaterial keyMaterial)
                    throws NoSuchAlgorithmException,
                           KeyStoreException,
                           KeyManagementException,
                           IOException,
                           CertificateException

Throws:: NoSuchAlgorithmException; KeyStoreException; KeyManagementException; IOException; CertificateException

getAssociatedCertificateChain

public X509Certificate[] getAssociatedCertificateChain()

getEnabledCiphers
```
public String[] getEnabledCiphers()
```

setEnabledCiphers

public void setEnabledCiphers(String[] ciphers)

getEnabledProtocols
```
public String[] getEnabledProtocols()
```

setEnabledProtocols

public void setEnabledProtocols(String[] protocols)

getDefaultProtocol
```
public String getDefaultProtocol()
```

setDefaultProtocol

public void setDefaultProtocol(String protocol)

getCheckHostname
```
public boolean getCheckHostname()
```

setCheckHostname

public void setCheckHostname(boolean checkHostname)

setHostnameVerifier

public void setHostnameVerifier(HostnameVerifier verifier)

getHostnameVerifier

public HostnameVerifier getHostnameVerifier()

getCheckCRL
```
public boolean getCheckCRL()
```

setCheckCRL

public void setCheckCRL(boolean checkCRL)

getCheckExpiry
```
public boolean getCheckExpiry()
```

setCheckExpiry

public void setCheckExpiry(boolean checkExpiry)

setSoTimeout

public void setSoTimeout(int soTimeout)

getSoTimeout
```
public int getSoTimeout()
```

setConnectTimeout

public void setConnectTimeout(int connectTimeout)

setUseClientMode

public void setUseClientMode(boolean useClientMode)

getUseClientModeDefault

public boolean getUseClientModeDefault()

getUseClientMode
```
public boolean getUseClientMode()
```

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

getWantClientAuth
```
public boolean getWantClientAuth()
```

getNeedClientAuth
```
public boolean getNeedClientAuth()
```

getSSLWrapperFactory

public SSLWrapperFactory getSSLWrapperFactory()

setSSLWrapperFactory

public void setSSLWrapperFactory(SSLWrapperFactory wf)

initThrowRuntime
```
private void initThrowRuntime()
```

init

private void init()
           throws NoSuchAlgorithmException,
                  KeyStoreException,
                  KeyManagementException,
                  IOException,
                  CertificateException

Throws:: NoSuchAlgorithmException; KeyStoreException; KeyManagementException; IOException; CertificateException

doPreConnectSocketStuff

public void doPreConnectSocketStuff(Socket s)
                             throws IOException

Throws:: IOException

doPostConnectSocketStuff

public void doPostConnectSocketStuff(Socket s,
                                     String host)
                              throws IOException

Throws:: IOException

createSocket

public Socket createSocket()
                    throws IOException

Throws:: IOException

createSocket
```
public Socket createSocket(String remoteHost,
                           int remotePort,
                           InetAddress localHost,
                           int localPort,
                           int timeout)
                    throws IOException
```
Attempts to get a new socket connection to the given host within the given time limit.

Parameters:

remoteHost - the host name/IP

remotePort - the port on the host

localHost - the local host name/IP to bind the socket to

localPort - the port on the local machine

timeout - the connection timeout (0==infinite)

Returns:

Socket a new socket

Throws:

IOException - if an I/O error occurs while creating the socket

UnknownHostException - if the IP address of the host cannot be determined

createSocket

public Socket createSocket(Socket s,
                           String remoteHost,
                           int remotePort,
                           boolean autoClose)
                    throws IOException

Throws:: IOException

createServerSocket

public ServerSocket createServerSocket()
                                throws IOException

Throws:: IOException

createServerSocket
```
public ServerSocket createServerSocket(int port,
                                       int backlog,
                                       InetAddress localHost)
                                throws IOException
```
Attempts to get a new socket connection to the given host within the given time limit.

Parameters:

localHost - the local host name/IP to bind against (null == ANY)

port - the port to listen on

backlog - number of connections allowed to queue up for accept().

Returns:

SSLServerSocket a new server socket

Throws:

IOException - if an I/O error occurs while creating thesocket

doPreConnectServerSocketStuff

public void doPreConnectServerSocketStuff(SSLServerSocket s)
                                   throws IOException

Throws:: IOException

getSSLSocketFactory

public SSLSocketFactory getSSLSocketFactory()

getSSLServerSocketFactory

public SSLServerSocketFactory getSSLServerSocketFactory()

getConnectTimeout
```
public int getConnectTimeout()
```

getDefaultCipherSuites

public String[] getDefaultCipherSuites()

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

getTrustChain
```
public TrustChain getTrustChain()
```

setCurrentServerChain

public void setCurrentServerChain(X509Certificate[] chain)

setCurrentClientChain

public void setCurrentClientChain(X509Certificate[] chain)

getCurrentServerChain

public X509Certificate[] getCurrentServerChain()

getCurrentClientChain

public X509Certificate[] getCurrentClientChain()

Class SSL

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

KNOWN_PROTOCOLS

SUPPORTED_CIPHERS

KNOWN_PROTOCOLS_SET

SUPPORTED_CIPHERS_SET

sslContext

initCount

socketFactory

serverSocketFactory

hostnameVerifier

isSecure

checkHostname

checkCRL

checkExpiry

useClientMode

useClientModeDefault

soTimeout

connectTimeout

trustChain

keyMaterial

enabledCiphers

enabledProtocols

defaultProtocol

currentServerChain

currentClientChain

wantClientAuth

needClientAuth

sslWrapperFactory

dnsOverride

usingSystemProperties

Constructor Detail

SSL

Method Detail

dirty

dirtyAndReloadIfYoung

dnsOverride

setDnsOverride

setIsSecure

isSecure

getSSLContext

getSSLContextAsObject

addTrustMaterial

setTrustMaterial

setKeyMaterial

getAssociatedCertificateChain

getEnabledCiphers

setEnabledCiphers

getEnabledProtocols

setEnabledProtocols

getDefaultProtocol

setDefaultProtocol

getCheckHostname

setCheckHostname

setHostnameVerifier

getHostnameVerifier

getCheckCRL

setCheckCRL

getCheckExpiry

setCheckExpiry

setSoTimeout

getSoTimeout

setConnectTimeout

setUseClientMode

getUseClientModeDefault

getUseClientMode

setWantClientAuth

setNeedClientAuth

getWantClientAuth

getNeedClientAuth

getSSLWrapperFactory

setSSLWrapperFactory

initThrowRuntime

init

doPreConnectSocketStuff

doPostConnectSocketStuff