/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at
|
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
* add the following below this CDDL HEADER, with the fields enclosed
|
* by brackets "[]" replaced with your own identifying information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2010 Sun Microsystems, Inc.
|
*/
|
|
package org.opends.sdk;
|
|
|
|
import java.security.GeneralSecurityException;
|
import java.security.Provider;
|
import java.security.SecureRandom;
|
|
import javax.net.ssl.KeyManager;
|
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.TrustManager;
|
|
|
|
/**
|
* An SSL context builder provides an interface for incrementally constructing
|
* {@link SSLContext} instances for use when securing connections with SSL or
|
* the StartTLS extended operation. The {@link #getSSLContext()} should be
|
* called in order to obtain the {@code SSLContext}.
|
*/
|
public final class SSLContextBuilder
|
{
|
|
/**
|
* SSL protocol: supports some version of SSL; may support other versions.
|
*/
|
public static final String PROTOCOL_SSL = "SSL";
|
|
/**
|
* SSL protocol: supports SSL version 2 or higher; may support other versions.
|
*/
|
public static final String PROTOCOL_SSL2 = "SSLv2";
|
|
/**
|
* SSL protocol: supports SSL version 3; may support other versions.
|
*/
|
public static final String PROTOCOL_SSL3 = "SSLv3";
|
|
/**
|
* SSL protocol: supports some version of TLS; may support other versions.
|
*/
|
public static final String PROTOCOL_TLS = "TLS";
|
|
/**
|
* SSL protocol: supports RFC 2246: TLS version 1.0 ; may support other
|
* versions.
|
*/
|
public static final String PROTOCOL_TLS1 = "TLSv1";
|
|
/**
|
* SSL protocol: supports RFC 4346: TLS version 1.1 ; may support other
|
* versions.
|
*/
|
public static final String PROTOCOL_TLS1_1 = "TLSv1.1";
|
|
private TrustManager trustManager = null;
|
private KeyManager keyManager = null;
|
private String protocol = PROTOCOL_TLS1;
|
private SecureRandom random = null;
|
|
// These are mutually exclusive.
|
private Provider provider = null;
|
private String providerName = null;
|
|
|
|
/**
|
* Creates a new SSL context builder using default parameters.
|
*/
|
public SSLContextBuilder()
|
{
|
// Do nothing.
|
}
|
|
|
|
/**
|
* Creates a {@code SSLContext} using the parameters of this SSL context
|
* builder.
|
*
|
* @return A {@code SSLContext} using the parameters of this SSL context
|
* builder.
|
* @throws GeneralSecurityException
|
* If the SSL context could not be created, perhaps due to missing
|
* algorithms.
|
*/
|
public SSLContext getSSLContext() throws GeneralSecurityException
|
{
|
TrustManager[] tm = null;
|
if (trustManager != null)
|
{
|
tm = new TrustManager[] { trustManager };
|
}
|
|
KeyManager[] km = null;
|
if (keyManager != null)
|
{
|
km = new KeyManager[] { keyManager };
|
}
|
|
SSLContext sslContext;
|
if (provider != null)
|
{
|
sslContext = SSLContext.getInstance(protocol, provider);
|
}
|
else if (providerName != null)
|
{
|
sslContext = SSLContext.getInstance(protocol, providerName);
|
}
|
else
|
{
|
sslContext = SSLContext.getInstance(protocol);
|
}
|
sslContext.init(km, tm, random);
|
|
return sslContext;
|
}
|
|
|
|
/**
|
* Sets the key manager which the SSL context should use. By default, no key
|
* manager is specified indicating that no certificates will be used.
|
*
|
* @param keyManager
|
* The key manager which the SSL context should use, which may be
|
* {@code null} indicating that no certificates will be used.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setKeyManager(final KeyManager keyManager)
|
{
|
this.keyManager = keyManager;
|
return this;
|
}
|
|
|
|
/**
|
* Sets the protocol which the SSL context should use. By default, TLSv1 will
|
* be used.
|
*
|
* @param protocol
|
* The protocol which the SSL context should use, which may be
|
* {@code null} indicating that TLSv1 will be used.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setProtocol(final String protocol)
|
{
|
this.protocol = protocol;
|
return this;
|
}
|
|
|
|
/**
|
* Sets the provider which the SSL context should use. By default, the default
|
* provider associated with this JVM will be used.
|
*
|
* @param provider
|
* The provider which the SSL context should use, which may be
|
* {@code null} indicating that the default provider associated with
|
* this JVM will be used.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setProvider(final Provider provider)
|
{
|
this.provider = provider;
|
this.providerName = null;
|
return this;
|
}
|
|
|
|
/**
|
* Sets the provider which the SSL context should use. By default, the default
|
* provider associated with this JVM will be used.
|
*
|
* @param providerName
|
* The name of the provider which the SSL context should use, which
|
* may be {@code null} indicating that the default provider
|
* associated with this JVM will be used.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setProvider(final String providerName)
|
{
|
this.provider = null;
|
this.providerName = providerName;
|
return this;
|
}
|
|
|
|
/**
|
* Sets the secure random number generator which the SSL context should use.
|
* By default, the default secure random number generator associated with this
|
* JVM will be used.
|
*
|
* @param random
|
* The secure random number generator which the SSL context should
|
* use, which may be {@code null} indicating that the default secure
|
* random number generator associated with this JVM will be used.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setSecureRandom(final SecureRandom random)
|
{
|
this.random = random;
|
return this;
|
}
|
|
|
|
/**
|
* Sets the trust manager which the SSL context should use. By default, no
|
* trust manager is specified indicating that only certificates signed by the
|
* authorities associated with this JVM will be accepted.
|
*
|
* @param trustManager
|
* The trust manager which the SSL context should use, which may be
|
* {@code null} indicating that only certificates signed by the
|
* authorities associated with this JVM will be accepted.
|
* @return This SSL context builder.
|
*/
|
public SSLContextBuilder setTrustManager(final TrustManager trustManager)
|
{
|
this.trustManager = trustManager;
|
return this;
|
}
|
}
|
