java.lang.Object
  nl.nikhef.slcshttps.CAHttps
public abstract class CAHttps
Abstract class for communication with a Certificate Authority (CA). An implementation should include methods to initialize (e.g. authenticate at an Online CA) and to retrieve and store a certificate. It further includes methods to set and reset the default SSLSocketFactory. Setting this means that it will be used for all SSL connections which will be set up afterwards. All cryptographic objects such as keypairs, CSRs and certificates are stored in a CryptoStore object. There is support for both HttpsURLConnection and HttxURLConnection, either independently or combined. The behaviour can be driven using the property "nl.nikhef.slcshttps.https".
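The set-and-revert pattern described above, written against the standard JSSE API only, as an added example that is not code from nl.nikhef.slcshttps. The class name DefaultFactoryScope, the keystore argument and the P12_PASSWORD variable are assumptions, and serialString only mimics the documented output form of getSerialString (it is not that method's implementation).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

public class DefaultFactoryScope {   // hypothetical class name
    // Formats a serial as "89:ab:12", null as "none" (assumes a non-negative serial).
    static String serialString(BigInteger serial) {
        if (serial == null) return "none";
        String hex = serial.toString(16);
        if (hex.length() % 2 != 0) hex = "0" + hex;
        return hex.replaceAll("(..)(?!$)", "$1:");
    }
    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = PKCS#12 file holding the client key and certificate,
        // P12_PASSWORD = its password. With no argument an empty store keeps this runnable offline.
        String p = System.getenv("P12_PASSWORD");
        char[] pw = (p == null ? "" : p).toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        // A null stream makes load() create an empty store; try-with-resources skips null.
        try (InputStream in = args.length > 0 ? new FileInputStream(args[0]) : null) { ks.load(in, pw); }
        BigInteger serial = null;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                serial = ((X509Certificate) ks.getCertificate(alias)).getSerialNumber();
            }
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG
        // The default factory is JVM-wide: remember the startup value before replacing it.
        SSLSocketFactory startup = HttpsURLConnection.getDefaultSSLSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        try {
            // Any HttpsURLConnection opened now, on any thread, can offer this client certificate.
            System.out.println("client certificate serial: " + serialString(serial));
        } finally {
            HttpsURLConnection.setDefaultSSLSocketFactory(startup); // always revert
        }
    }
}
```

Because the default factory is shared by the whole JVM, the window between setting and reverting should be kept as short as the CA exchange requires.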
Field Summary | |
---|---|
private static BigInteger | CAHttpsCertNo: The serial number for the currently used client side certificate in HttpsURLConnection, can be retrieved using getCAHttpsCertNo(). |
private static BigInteger | CAHttxCertNo: The serial number for the currently used client side certificate in HttxURLConnection, can be retrieved using getCAHttxCertNo(). |
(package private) CryptoStore | cryptoStore: Contains, among others, the keypair, Certificate Signing Request (CSR), certificate. |
private static SSLSocketFactory | defaultHttpsSSLSocketFactory: The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it. |
private static SSLSocketFactory | defaultHttxSSLSocketFactory: The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it. |
static String | HTTPS_PROP: Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection. |
private static boolean | maskHttps: Is true when property "nl.nikhef.slcshttps.https" equals mask. |
(package private) static boolean | showSuccess: Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true. |
static String | SUCCESS_PROP: Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc. |
private static boolean | useHttps: Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx. |
private static boolean | useHttx: Is true when property "nl.nikhef.slcshttps.https" does NOT equal https. |
Constructor Summary | |
---|---|
CAHttps() | Constructs a default CAHttps, this is the same as CAHttps(boolean) with the value true. |
CAHttps(boolean initCSR) | Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore. |
CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn) | Constructs a default CAHttps and changes stdout/stdin to the streams specified. |
CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, boolean initCSR) | Constructs a default CAHttps, changes stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore. |
Method Summary | |
---|---|
BigInteger | getCAHttpsCertNo(): Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection. |
BigInteger | getCAHttxCertNo(): Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection. |
X509Certificate | getCertificate(): Method to get the X509Certificate currently in the internal CryptoStore. |
boolean | getMaskHttps(): Getter method for private maskHttps. |
static String | getSerialString(BigInteger serial): Method to convert a BigInteger certificate serial number into a String of the form 89:ab:12. |
static boolean | getShowSuccess(): Getter method for private showSuccess. |
boolean | getUseHttps(): Getter method for private useHttps. |
boolean | getUseHttx(): Getter method for private useHttx. |
abstract void | initialize(String initString): Abstract method to initialize the communication with the CA. |
void | resetHttpsSSLSocketFactory(): Method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default. |
void | resetHttxSSLSocketFactory(): Method to restore the default SSLSocketFactory for HttxURLConnection to its startup default. |
void | resetSSLSocketFactory(): Method to restore the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection to their startup defaults. |
void | setHttpsSSLSocketFactory(): Method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication. |
void | setHttxSSLSocketFactory(): Method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication. |
static void | setShowSuccess(boolean show): Setter method for private showSuccess. |
void | setSSLSocketFactory(): Method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication. |
abstract void | storeCertificate(String storeString): Abstract method to get certificate at CA and store it in the internal CryptoStore. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
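private static SSLSocketFactory defaultHttpsSSLSocketFactory
The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.

private static SSLSocketFactory defaultHttxSSLSocketFactory
The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it.

private static BigInteger CAHttpsCertNo
The serial number for the currently used client side certificate in HttpsURLConnection, can be retrieved using getCAHttpsCertNo().

private static BigInteger CAHttxCertNo
The serial number for the currently used client side certificate in HttxURLConnection, can be retrieved using getCAHttxCertNo().

public static final String HTTPS_PROP
Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection. Valid options are:
- https: set client cert only for HttpsURLConnection
- httx: set client cert only for HttxURLConnection
- both: set client cert for both
- mask: set client cert for both but only show feedback etc for HttxURLConnection (default)

private static boolean useHttps
Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx.

private static boolean useHttx
Is true when property "nl.nikhef.slcshttps.https" does NOT equal https.

private static boolean maskHttps
Is true when property "nl.nikhef.slcshttps.https" equals mask.

public static final String SUCCESS_PROP
Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc.
true or false.
See Also:
getShowSuccess(), setShowSuccess(boolean), Constant Field Values

static boolean showSuccess
Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true.

CryptoStore cryptoStore
Contains, among others, the keypair, Certificate Signing Request (CSR), certificate. Note that it needs to be package private, since implementing classes need to access it.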
Constructor Detail |
---|
public CAHttps() throws KeyStoreException
Constructs a default CAHttps, this is the same as CAHttps(boolean) with the value true.
Throws:
KeyStoreException - when initializing the internal CryptoStore failed.
See Also:
CAHttps(boolean)

public CAHttps(boolean initCSR) throws KeyStoreException
Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.
Parameters:
initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.
Throws:
KeyStoreException - when initializing the internal CryptoStore failed.

public CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn) throws KeyStoreException
Constructs a default CAHttps and changes stdout/stdin to the streams specified.
Parameters:
myErr - use this stream instead of stderr, null for stderr
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
Throws:
KeyStoreException
See Also:
CAHttps()

public CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, boolean initCSR) throws KeyStoreException
Constructs a default CAHttps, changes stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.
Parameters:
myErr - use this stream instead of stderr, null for stderr
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.
Throws:
KeyStoreException
Method Detail |
---|
public abstract void initialize(String initString) throws IOException
Abstract method to initialize the communication with the CA.
Parameters:
initString - String some string to use for initialization.
Throws:
IOException - upon error.

public abstract void storeCertificate(String storeString) throws IOException, CertificateException, KeyStoreException, KeyManagementException
Abstract method to get certificate at CA and store it in the internal CryptoStore.
Parameters:
storeString - String some string to use for retrieving the Certificate.
Throws:
IOException - if communication goes wrong
CertificateException - if no valid certificate is returned
KeyStoreException - if the certificate cannot be stored in the CryptoStore.
KeyManagementException - when using the certificate somehow fails.

public X509Certificate getCertificate() throws KeyStoreException
Method to get the X509Certificate currently in the internal CryptoStore.
CryptoStore.
Throws:
KeyStoreException

public void setHttpsSSLSocketFactory() throws KeyStoreException, KeyManagementException
Method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication.
Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
setSSLSocketFactory(), resetHttpsSSLSocketFactory()

public void resetHttpsSSLSocketFactory() throws KeyManagementException
Method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default.
Throws:
SecurityException - if permission to change is denied.
KeyManagementException - in other cases the change is not possible.
See Also:
HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

public void setHttxSSLSocketFactory() throws KeyStoreException, KeyManagementException
Method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication.
Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
setSSLSocketFactory(), resetHttxSSLSocketFactory()

public void resetHttxSSLSocketFactory() throws KeyManagementException
Method to restore the default SSLSocketFactory for HttxURLConnection to its startup default.
Throws:
SecurityException - if permission to change is denied.
KeyManagementException - in other cases the change is not possible.
See Also:
HttxURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

public void setSSLSocketFactory() throws KeyStoreException, KeyManagementException
Method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication.
Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
resetSSLSocketFactory(), HTTPS_PROP

public void resetSSLSocketFactory() throws KeyManagementException
Method to restore the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection to their startup defaults.
Throws:
SecurityException - if permission to change is denied.
KeyManagementException - in other cases the change is not possible.
See Also:
HTTPS_PROP

public BigInteger getCAHttpsCertNo()
Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection.
Returns:
null when not set.

public BigInteger getCAHttxCertNo()
Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection.
Returns:
null when not set.

public static String getSerialString(BigInteger serial)
Method to convert a BigInteger certificate serial number into a String of the form 89:ab:12.
Parameters:
serial - the serial number to convert, null becomes "none"
Returns:
String representation of the certificate serial number, or "none" when not set.

public boolean getMaskHttps()
Getter method for private maskHttps.
Returns:
boolean value of private field maskHttps
See Also:
HTTPS_PROP

public boolean getUseHttps()
Getter method for private useHttps.
Returns:
boolean value of private field useHttps
See Also:
HTTPS_PROP

public boolean getUseHttx()
Getter method for private useHttx.
Returns:
boolean value of private field useHttx
See Also:
HTTPS_PROP

public static void setShowSuccess(boolean show)
Setter method for private showSuccess.
Parameters:
show - boolean to put into private showSuccess field.
See Also:
SUCCESS_PROP, getShowSuccess()

public static boolean getShowSuccess()
Getter method for private showSuccess.
Returns:
boolean value of private field showSuccess
See Also:
SUCCESS_PROP, setShowSuccess(boolean)

nl.nikhef.slcshttps | Mischa Sallé - msalle(AT)nikhef.nl |