public final class SSLContext extends Object
Constructor and Description |
---|
SSLContext() |
Modifier and Type | Method and Description |
---|---|
static void | clearOptions(long ctx, int options) Clears OpenSSL Options. |
static int | free(long ctx) Free the resources used by the Context |
static long | make(long pool, int protocol, int mode) Create a new SSL context. |
static void | setBIO(long ctx, long bio, int dir) Associate BIOCallback for input or output data capture. |
static boolean | setCACertificate(long ctx, String file, String path) Set File and Directory of concatenated PEM-encoded CA Certificates for Client Auth This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. |
static boolean | setCARevocation(long ctx, String file, String path) Set File of concatenated PEM-encoded CA CRLs or directory of PEM-encoded CA Certificates for Client Auth This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. |
static boolean | setCertificate(long ctx, String cert, String key, String password, int idx) Set Certificate Point setCertificateFile at a PEM encoded certificate. |
static boolean | setCertificateChainFile(long ctx, String file, boolean skipfirst) Set File of PEM-encoded Server CA Certificates This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. |
static boolean | setCipherSuite(long ctx, String ciphers) Cipher Suite available for negotiation in SSL handshake. |
static void | setContextId(long ctx, String id) Set Session context id. |
static void | setOptions(long ctx, int options) Set OpenSSL Option. |
static void | setQuietShutdown(long ctx, boolean mode) Sets the "quiet shutdown" flag for ctx to be mode. |
static void | setRandom(long ctx, String file) Set file for randomness |
static void | setShutdownType(long ctx, int type) Set SSL connection shutdown type The following levels are available for level: SSL_SHUTDOWN_TYPE_STANDARD, SSL_SHUTDOWN_TYPE_UNCLEAN, SSL_SHUTDOWN_TYPE_ACCURATE |
static void | setVerify(long ctx, int level, int depth) Set Type of Client Certificate verification and Maximum depth of CA Certificates in Client Certificate verification. |
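
The methods summarized above, combined into a server context that requires client certificates. This is an added example, not code from the Tomcat documentation or project; it assumes the Tomcat Native library is installed and loadable, and the file paths, cipher string and verification depth are placeholders chosen for illustration.

```java
import org.apache.tomcat.jni.Library;
import org.apache.tomcat.jni.Pool;
import org.apache.tomcat.jni.SSL;
import org.apache.tomcat.jni.SSLContext;

public class MutualTlsContextExample {
    // Placeholder paths (assumptions): replace with your own PEM files.
    static final String CERT = "/path/to/server-cert.pem";
    static final String KEY = "/path/to/server-key.pem"; // assumed unencrypted
    static final String CLIENT_CA = "/path/to/client-ca.pem";

    static long buildServerContext(long pool) throws Exception {
        // Name each accepted version: SSL_PROTOCOL_ALL means "all TLS
        // versions", which also admits TLSv1 and TLSv1.1.
        int protocol = SSL.SSL_PROTOCOL_TLSV1_2 | SSL.SSL_PROTOCOL_TLSV1_3;
        long ctx = SSLContext.make(pool, protocol, SSL.SSL_MODE_SERVER);
        try {
            SSLContext.setOptions(ctx,
                SSL.SSL_OP_CIPHER_SERVER_PREFERENCE | SSL.SSL_OP_NO_COMPRESSION);
            // The boolean setters signal failure through their return value
            // as well as by exception, so check every one of them.
            require(SSLContext.setCipherSuite(ctx,
                "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"), "cipher suite");
            // A null password makes the library prompt if the key is encrypted.
            require(SSLContext.setCertificate(ctx, CERT, KEY, null,
                SSL.SSL_AIDX_RSA), "server certificate");
            require(SSLContext.setCACertificate(ctx, CLIENT_CA, null), "client CA");
            // REQUIRE rejects clients without a valid certificate.
            // OPTIONAL_NO_CA would accept certificates that do not verify.
            SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_REQUIRE, 2);
            return ctx;
        } catch (Exception e) {
            SSLContext.free(ctx); // do not leave a half-configured context alive
            throw e;
        }
    }

    static void require(boolean ok, String what) {
        if (!ok) throw new IllegalStateException("Failed to set " + what);
    }

    public static void main(String[] args) throws Exception {
        Library.initialize(null); // load the native library
        SSL.initialize(null);     // initialize OpenSSL, no engine
        long pool = Pool.create(0);
        try {
            long ctx = buildServerContext(pool);
            System.out.println("Context ready: " + ctx);
            SSLContext.free(ctx);
        } finally {
            Pool.destroy(pool);
        }
    }
}
```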
public static long make(long pool, int protocol, int mode) throws Exception
pool - The pool to use.
protocol - The SSL protocol to use. It can be any combination of the following:
SSL.SSL_PROTOCOL_SSLV2
SSL.SSL_PROTOCOL_SSLV3
SSL.SSL_PROTOCOL_TLSV1
SSL.SSL_PROTOCOL_TLSV1_1
SSL.SSL_PROTOCOL_TLSV1_2
SSL.SSL_PROTOCOL_TLSV1_3
SSL.SSL_PROTOCOL_ALL ( == all TLS versions, no SSL)
mode - SSL mode to use: SSL_MODE_CLIENT, SSL_MODE_SERVER, SSL_MODE_COMBINED
Exception - If the SSL Context could not be created

public static int free(long ctx)
ctx - Server or Client context to free.

public static void setContextId(long ctx, String id)
ctx - Context to use.
id - String that uniquely identifies this context.

public static void setBIO(long ctx, long bio, int dir)
[ERROR] -- Critical error messages
[WARN] -- Warning messages
[INFO] -- Informational messages
[DEBUG] -- Debugging messages
Callback can use that word to determine application logging level by intercepting write call. If the bio is set to 0 no error messages will be displayed. Default is to use the stderr output stream.
ctx - Server or Client context to use.
bio - BIO handle to use, created with SSL.newBIO
dir - BIO direction (1 for input 0 for output).

public static void setOptions(long ctx, int options)
ctx - Server or Client context to use.
options - See SSL.SSL_OP_* for option flags.

public static void clearOptions(long ctx, int options)
ctx - Server or Client context to use.
options - See SSL.SSL_OP_* for option flags.

public static void setQuietShutdown(long ctx, boolean mode)
ctx - Server or Client context to use.
mode - True to set the quiet shutdown.

public static boolean setCipherSuite(long ctx, String ciphers) throws Exception
ctx - Server or Client context to use.
ciphers - An OpenSSL cipher specification.
true if the operation was successful
Exception - An error occurred

public static boolean setCARevocation(long ctx, String file, String path) throws Exception
ctx - Server or Client context to use.
file - File of concatenated PEM-encoded CA CRLs for Client Auth.
path - Directory of PEM-encoded CA Certificates for Client Auth.
true if the operation was successful
Exception - An error occurred

public static boolean setCertificateChainFile(long ctx, String file, boolean skipfirst)
ctx - Server or Client context to use.
file - File of PEM-encoded Server CA Certificates.
skipfirst - Skip first certificate if chain file is inside certificate file.
true if the operation was successful

public static boolean setCertificate(long ctx, String cert, String key, String password, int idx) throws Exception
ctx - Server or Client context to use.
cert - Certificate file.
key - Private Key file to use if not in cert.
password - Certificate password. If null and certificate is encrypted, password prompt will be displayed.
idx - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.
true if the operation was successful
Exception - An error occurred

public static boolean setCACertificate(long ctx, String file, String path) throws Exception
ctx - Server or Client context to use.
file - File of concatenated PEM-encoded CA Certificates for Client Auth.
path - Directory of PEM-encoded CA Certificates for Client Auth.
true if the operation was successful
Exception - An error occurred

public static void setRandom(long ctx, String file)
ctx - Server or Client context to use.
file - random file.

public static void setShutdownType(long ctx, int type)
SSL_SHUTDOWN_TYPE_STANDARD
SSL_SHUTDOWN_TYPE_UNCLEAN
SSL_SHUTDOWN_TYPE_ACCURATE
ctx - Server or Client context to use.
type - Shutdown type to use.

public static void setVerify(long ctx, int level, int depth)
SSL_CVERIFY_NONE - No client Certificate is required at all
SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate
SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate
SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate but it need not be (successfully) verifiable
setCACertificatePath), etc.
ctx - Server or Client context to use.
level - Type of Client Certificate verification.
depth - Maximum depth of CA Certificates in Client Certificate verification.

Copyright © 2000-2021 Apache Software Foundation. All Rights Reserved.