java.lang.Object
    org.bzdev.net.SSLUtilities

Class for configuring SSL/TLS.

This class consists of static methods. It lets one add an additional trust store (useful for testing, or for servers that are running locally), allow the loopback interface to be used in an SSL connection, and configure when self-signed certificates are accepted.

Error messages may appear on standard error, but how and where these messages are displayed can be changed by using methods provided by ErrorMessage and SwingErrorMessage (org.bzdev.swing.SwingErrorMessage).
Constructor Summary

    SSLUtilities()

Method Summary

    static void allowLoopbackHostname()
        Install a custom host-name verifier that will additionally accept the loopback interface's host name.

    static void configureUsingSBL(String type, File sblFile, Supplier<char[]> passphraseSupplier)
        Configure SSL using data stored in an SBL file.

    static void disallowLoopbackHostname()
        Remove the custom host-name verifier set by calling allowLoopbackHostname() and restore the system default that was in effect when this class was initialized.

    static TrustManager[] installTrustManager(String type, File trustKeyStore, char[] password, Predicate<X509Certificate> acceptSelfSigned)
        Configure SSL so that it will use a custom trust store in addition to the default.

Constructor Details

SSLUtilities

    public SSLUtilities()

Method Details
configureUsingSBL

    public static void configureUsingSBL(String type, File sblFile, Supplier<char[]> passphraseSupplier)
        throws IOException, GeneralSecurityException, CertificateException

    Configure SSL using data stored in an SBL file. SBL files can be created and edited using the program sbl, which is normally installed with this class library.

    Parameters:
        type - the type for an SSLContext (e.g., SSL or TLS)
        sblFile - a file in SBL format
        passphraseSupplier - a Supplier that will provide a GPG pass phrase; null for a default
    Throws:
        IOException
        GeneralSecurityException
        CertificateException
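An added example of calling configureUsingSBL (not code from the page or the library): the Supplier<char[]> argument is written so that the pass phrase is produced only if and when the library invokes the supplier, read with echo off from the console when one is attached, and otherwise taken from an environment variable. The file name tls-config.sbl and the variable name SBL_PASSPHRASE are placeholders chosen for this example. TLS is used as the SSLContext type; the JDK accepts SSL as well, but it is a legacy alias.

```java
import java.io.Console;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.function.Supplier;
import org.bzdev.net.SSLUtilities;

public class SblSetup {

    // Supplier for configureUsingSBL. The library calls it, so the prompt
    // only runs if the library actually asks for the pass phrase.
    // Preference order: interactive console prompt (echo off); then the
    // hypothetical SBL_PASSPHRASE environment variable for non-interactive
    // runs; then null, which the Javadoc documents as "use a default".
    static Supplier<char[]> passphraseSupplier() {
        return () -> {
            Console console = System.console();
            if (console != null) {
                return console.readPassword("GPG pass phrase for SBL file: ");
            }
            String fromEnv = System.getenv("SBL_PASSPHRASE");
            return (fromEnv == null) ? null : fromEnv.toCharArray();
        };
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Hypothetical path; CertificateException is a GeneralSecurityException,
        // so the throws clause above covers all three declared exceptions.
        File sblFile = new File(args.length > 0 ? args[0] : "tls-config.sbl");
        SSLUtilities.configureUsingSBL("TLS", sblFile, passphraseSupplier());
        System.out.println("SSL/TLS configured from " + sblFile);
    }
}
```

Reading the pass phrase from an environment variable is a convenience for scripted runs; on a shared host it is visible to other processes owned by the same user, so prefer the console prompt where one is available.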
installTrustManager

    public static TrustManager[] installTrustManager(String type, File trustKeyStore, char[] password, Predicate<X509Certificate> acceptSelfSigned)
        throws IOException, GeneralSecurityException, CertificateException

    Configure SSL so that it will use a custom trust store in addition to the default. If a certificate is not valid based on the key stores but is self-signed, the argument acceptSelfSigned will be used to determine whether the certificate should be accepted. This argument is a functional interface with a "test" method that takes the certificate as an argument and returns true if the certificate should be accepted and false if it should not. An implementation of this functional interface may provide a dialog box to query the user and may cache values. Because a self-signed certificate accepted here is trusted without any chain of trust, the predicate should check something specific about the certificate (for example, a fingerprint recorded out of band) rather than accept unconditionally.

    Parameters:
        type - the type for an SSLContext (e.g., SSL or TLS)
        trustKeyStore - the file for a custom trust key store; null if there is none
        password - the password for the trust key store
        acceptSelfSigned - a function that determines if a self-signed certificate should be accepted
    Throws:
        IOException
        GeneralSecurityException
        CertificateException
allowLoopbackHostname

    public static void allowLoopbackHostname()

    Install a custom host-name verifier that will additionally accept the loopback interface's host name.

disallowLoopbackHostname

    public static void disallowLoopbackHostname()

    Remove the custom host-name verifier set by calling allowLoopbackHostname() and restore the system default that was in effect when this class was initialized.
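An added example (not code from the page or the library) that exercises installTrustManager together with allowLoopbackHostname/disallowLoopbackHostname for a client talking to a server on the local machine. It shows the acceptSelfSigned predicate as a practitioner would write it, beside the unsafe version one should not pass: the hardened predicate confirms the certificate really is self-signed, is within its validity period, and has a SHA-256 fingerprint on a pinned list, while the loopback host-name relaxation is scoped to a try/finally so the system default verifier is restored afterwards. The trust-store file name local-trust.jks, the environment variable LOCAL_TRUSTSTORE_PW, the placeholder fingerprint and the URL https://localhost:8443/ are assumptions for this example; java.util.HexFormat requires Java 17 or later.

```java
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import java.util.Set;
import java.util.function.Predicate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.TrustManager;
import org.bzdev.net.SSLUtilities;

public class LocalTlsClient {

    // Hypothetical placeholder: SHA-256 fingerprint(s) of self-signed
    // certificate(s) verified out of band, e.g. with
    //   keytool -printcert -file server.crt
    // Lower-case hex, no separators, matching HexFormat.of().formatHex().
    static final Set<String> PINNED_SHA256 = Set.of(
        "0000000000000000000000000000000000000000000000000000000000000000");

    // What NOT to pass: this makes installTrustManager accept any
    // self-signed certificate, which an on-path attacker can produce at will.
    static final Predicate<X509Certificate> UNSAFE_ACCEPT_ALL = cert -> true;

    // Hardened predicate. The Javadoc says it is consulted only for
    // self-signed certificates; the verify() call re-checks that anyway.
    // Any exception means "reject".
    static final Predicate<X509Certificate> ACCEPT_PINNED = cert -> {
        try {
            cert.verify(cert.getPublicKey());   // signed with its own key
            cert.checkValidity();               // not expired, not yet-valid
            return PINNED_SHA256.contains(sha256Fingerprint(cert));
        } catch (GeneralSecurityException e) {
            return false;
        }
    };

    static String sha256Fingerprint(X509Certificate cert) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return HexFormat.of().formatHex(md.digest(cert.getEncoded()));
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Hypothetical trust store holding the local CA. The Javadoc allows
        // null here, meaning no custom trust store.
        File trustStore = new File("local-trust.jks");
        String pw = System.getenv("LOCAL_TRUSTSTORE_PW"); // hypothetical variable
        char[] password = (pw == null) ? new char[0] : pw.toCharArray();

        // "TLS" rather than "SSL": the JDK accepts both SSLContext names,
        // but SSL is a legacy alias.
        TrustManager[] managers = SSLUtilities.installTrustManager(
            "TLS", trustStore, password, ACCEPT_PINNED);
        System.out.println("installed " + managers.length + " trust manager(s)");

        // Relax host-name verification for the loopback interface only while
        // talking to the local server, then restore the system default.
        SSLUtilities.allowLoopbackHostname();
        try {
            HttpsURLConnection conn = (HttpsURLConnection)
                URI.create("https://localhost:8443/").toURL().openConnection();
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            SSLUtilities.disallowLoopbackHostname();
        }
    }
}
```

Both SSLUtilities calls change process-wide state (the installed trust managers and the default host-name verifier), so in a larger application they belong at start-up, and the loopback relaxation should be removed as soon as the local connection is finished rather than left in place for the life of the process.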