nl.nikhef.slcshttps
Class CAHttps

java.lang.Object
  extended by nl.nikhef.slcshttps.CAHttps
Direct Known Subclasses:
PKCS12Https, SURFCAHttps

public abstract class CAHttps
extends Object

Abstract class for communication with a Certificate Authority (CA). An implementation should include methods to initialize (e.g. authenticate at an Online CA) and to retrieve and store a certificate. It further includes methods to set and reset the default SSLSocketFactory; setting it means that it will be used for all SSL connections which are set up afterwards. All cryptographic objects such as keypairs, CSRs and certificates are stored in a CryptoStore object. There is support for both HttpsURLConnection and HttxURLConnection, either independently or combined. The behaviour can be driven using the property "nl.nikhef.slcshttps.https".
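As an added usage example, not part of the nl.nikhef.slcshttps code base, the hypothetical class ClientCertFactoryDemo below shows the set/reset pattern this class documents, for HttpsURLConnection only: the startup default SSLSocketFactory is saved, a factory presenting the client certificate from a PKCS12 KeyStore is installed as the process-wide default, the serial number of that certificate is recorded, and the startup default is restored afterwards. The three property checks mirror the documented semantics of useHttps, useHttx and maskHttps. The KeyStore file, its password and the alias handling are assumptions; HttxURLConnection is left out because its API is not shown on this page.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/**
 * Hypothetical helper (not part of nl.nikhef.slcshttps) demonstrating how a
 * client-side certificate is switched on and off for every HttpsURLConnection
 * by replacing the JVM-wide default SSLSocketFactory.
 */
public final class ClientCertFactoryDemo {

    /** Saved once at class load so the client-cert factory can be undone later. */
    private static final SSLSocketFactory STARTUP_DEFAULT =
        HttpsURLConnection.getDefaultSSLSocketFactory();

    /** Serial number of the certificate currently installed, null when none. */
    private static BigInteger currentSerial;

    /* Property semantics as documented for the useHttps/useHttx/maskHttps fields. */
    static boolean useHttps(String prop)  { return !"httx".equals(prop); }
    static boolean useHttx(String prop)   { return !"https".equals(prop); }
    static boolean maskHttps(String prop) { return "mask".equals(prop); }

    /**
     * Build an SSLSocketFactory that presents the client key and certificate
     * stored under the given alias and make it the default for all
     * HttpsURLConnections opened from now on, in every thread of this JVM.
     */
    static void install(KeyStore ks, char[] keyPass, String alias)
            throws GeneralSecurityException {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // A null TrustManager[] keeps the JVM's default trust store for server
        // authentication; only the client-side key material is replaced.
        ctx.init(kmf.getKeyManagers(), null, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        currentSerial = (cert == null) ? null : cert.getSerialNumber();
    }

    /** Restore the startup default so later connections no longer authenticate. */
    static void reset() {
        HttpsURLConnection.setDefaultSSLSocketFactory(STARTUP_DEFAULT);
        currentSerial = null;
    }

    /** Serial number of the installed certificate, or null when not set. */
    static BigInteger getCertNo() { return currentSerial; }

    /** Usage: java ClientCertFactoryDemo <pkcs12-file> <password>  (assumed layout). */
    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Which connection types get the client certificate is property-driven.
        String prop = System.getProperty("nl.nikhef.slcshttps.https");
        System.out.println("useHttps=" + useHttps(prop) + " useHttx=" + useHttx(prop)
                           + " maskHttps=" + maskHttps(prop));
        if (!useHttps(prop)) {
            return; // property "httx": HttpsURLConnection is left untouched
        }
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pass);
        }
        // Assumption: the PKCS12 file holds a single key entry, so take the first alias.
        String alias = ks.aliases().nextElement();
        try {
            install(ks, pass, alias);
            System.out.println("client certificate serial: " + getCertNo());
            // ... open HttpsURLConnections here; each one presents the certificate ...
        } finally {
            reset(); // do not leave the credential active longer than needed
        }
    }
}
```

Because setDefaultSSLSocketFactory changes process-wide state, every HttpsURLConnection opened after install(), from any thread, presents the client certificate; pairing install() with reset() in a finally block keeps that window as short as possible. With the comparisons above, the value "mask" satisfies both useHttps and useHttx, which matches the field documentation; what an unset property means is not stated on this page, and in this demo an unset property enables both as well.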

Version:
0.3
Author:
Mischa Sallé

Field Summary
private static BigInteger CAHttpsCertNo
          The serial number of the client side certificate currently used in HttpsURLConnection; it can be retrieved using getCAHttpsCertNo().
private static BigInteger CAHttxCertNo
          The serial number of the client side certificate currently used in HttxURLConnection; it can be retrieved using getCAHttxCertNo().
(package private)  CryptoStore cryptoStore
          Contains, among others, the keypair, Certificate Signing Request (CSR), certificate.
private static SSLSocketFactory defaultHttpsSSLSocketFactory
          The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.
private static SSLSocketFactory defaultHttxSSLSocketFactory
          The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it.
static String HTTPS_PROP
          Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection.
private static boolean maskHttps
          Is true when property "nl.nikhef.slcshttps.https" equals mask.
(package private) static boolean showSuccess
          Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true.
static String SUCCESS_PROP
          Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc.
private static boolean useHttps
          Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx.
private static boolean useHttx
          Is true when property "nl.nikhef.slcshttps.https" does NOT equal https.
 
Constructor Summary
CAHttps()
          Constructs a default CAHttps; this is the same as CAHttps(boolean) with the value true.
CAHttps(boolean initCSR)
          Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.
CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn)
          Constructs a default CAHttps and changes stderr/stdout/stdin to the streams specified.
CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, boolean initCSR)
          Constructs a default CAHttps, changes stderr/stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.
 
Method Summary
 BigInteger getCAHttpsCertNo()
          Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection.
 BigInteger getCAHttxCertNo()
          Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection.
 X509Certificate getCertificate()
          Method to get the X509Certificate currently in the internal CryptoStore.
 boolean getMaskHttps()
          Getter method for private maskHttps.
static String getSerialString(BigInteger serial)
          Method to convert a BigInteger certificate serial number into a String of the form 89:ab:12.
static boolean getShowSuccess()
          Getter method for private showSuccess.
 boolean getUseHttps()
          Getter method for private useHttps.
 boolean getUseHttx()
          Getter method for private useHttx.
abstract  void initialize(String initString)
          Abstract method to initialize the communication with the CA.
 void resetHttpsSSLSocketFactory()
          Method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default.
 void resetHttxSSLSocketFactory()
          Method to restore the default SSLSocketFactory for HttxURLConnection to its startup default.
 void resetSSLSocketFactory()
          Method to restore the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection to their startup defaults.
 void setHttpsSSLSocketFactory()
          Method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication.
 void setHttxSSLSocketFactory()
          Method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication.
static void setShowSuccess(boolean show)
          Setter method for private showSuccess.
 void setSSLSocketFactory()
          Method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication.
abstract  void storeCertificate(String storeString)
          Abstract method to retrieve the certificate from the CA and store it in the internal CryptoStore.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

defaultHttpsSSLSocketFactory

private static SSLSocketFactory defaultHttpsSSLSocketFactory
The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.


defaultHttxSSLSocketFactory

private static SSLSocketFactory defaultHttxSSLSocketFactory
The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it.


CAHttpsCertNo

private static BigInteger CAHttpsCertNo
The serial number of the client side certificate currently used in HttpsURLConnection; it can be retrieved using getCAHttpsCertNo().


CAHttxCertNo

private static BigInteger CAHttxCertNo
The serial number of the client side certificate currently used in HttxURLConnection; it can be retrieved using getCAHttxCertNo().


HTTPS_PROP

public static final String HTTPS_PROP
Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection. Valid options are

See Also:
Constant Field Values

useHttps

private static boolean useHttps
Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx.


useHttx

private static boolean useHttx
Is true when property "nl.nikhef.slcshttps.https" does NOT equal https.


maskHttps

private static boolean maskHttps
Is true when property "nl.nikhef.slcshttps.https" equals mask.


SUCCESS_PROP

public static final String SUCCESS_PROP
Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc. Valid options are true or false.

See Also:
getShowSuccess(), setShowSuccess(boolean), Constant Field Values

showSuccess

static boolean showSuccess
Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true.


cryptoStore

CryptoStore cryptoStore
Contains, among others, the keypair, Certificate Signing Request (CSR) and certificate. Note that it needs to be package private, since implementing classes need to access it.

Constructor Detail

CAHttps

public CAHttps()
        throws KeyStoreException
Constructs a default CAHttps; this is the same as CAHttps(boolean) with the value true.

Throws:
KeyStoreException - when initializing the internal CryptoStore failed.
See Also:
CAHttps(boolean)

CAHttps

public CAHttps(boolean initCSR)
        throws KeyStoreException
Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

Parameters:
initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.
Throws:
KeyStoreException - when initializing the internal CryptoStore failed.

CAHttps

public CAHttps(PrintStream myErr,
               PrintStream myOut,
               InputStream myIn)
        throws KeyStoreException
Constructs a default CAHttps and changes stderr/stdout/stdin to the streams specified.

Parameters:
myErr - use this stream instead of stderr, null for stderr
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
Throws:
KeyStoreException
See Also:
CAHttps()

CAHttps

public CAHttps(PrintStream myErr,
               PrintStream myOut,
               InputStream myIn,
               boolean initCSR)
        throws KeyStoreException
Constructs a default CAHttps, changes stderr/stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

Parameters:
myErr - use this stream instead of stderr, null for stderr
myOut - use this stream instead of stdout, null for stdout.
myIn - use this stream instead of stdin, null for stdin.
initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.
Throws:
KeyStoreException

Method Detail

initialize

public abstract void initialize(String initString)
                         throws IOException
Abstract method to initialize the communication with the CA. This could be authenticating in case of an Online CA or choosing a file in the case of file import.

Parameters:
initString - some string to use for initialization.
Throws:
IOException - upon error.

storeCertificate

public abstract void storeCertificate(String storeString)
                               throws IOException,
                                      CertificateException,
                                      KeyStoreException,
                                      KeyManagementException
Abstract method to retrieve the certificate from the CA and store it in the internal CryptoStore.

Parameters:
storeString - some string to use for retrieving the certificate.
Throws:
IOException - if communication goes wrong
CertificateException - if no valid certificate is returned
KeyStoreException - if the certificate cannot be stored in the CryptoStore.
KeyManagementException - when using the certificate somehow fails.

getCertificate

public X509Certificate getCertificate()
                               throws KeyStoreException
Method to get the X509Certificate currently in the internal CryptoStore.

Returns:
X509Certificate in the internal CryptoStore.
Throws:
KeyStoreException

setHttpsSSLSocketFactory

public void setHttpsSSLSocketFactory()
                              throws KeyStoreException,
                                     KeyManagementException
Method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication.

Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
setSSLSocketFactory(), resetHttpsSSLSocketFactory()

resetHttpsSSLSocketFactory

public void resetHttpsSSLSocketFactory()
                                throws KeyManagementException
Method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default.

Throws:
SecurityException - if permission to change is denied.
KeyManagementException - when the change is not possible for another reason.
See Also:
HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

setHttxSSLSocketFactory

public void setHttxSSLSocketFactory()
                             throws KeyStoreException,
                                    KeyManagementException
Method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication.

Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
setSSLSocketFactory(), resetHttxSSLSocketFactory()

resetHttxSSLSocketFactory

public void resetHttxSSLSocketFactory()
                               throws KeyManagementException
Method to restore the default SSLSocketFactory for HttxURLConnection to its startup default.

Throws:
SecurityException - if permission to change is denied.
KeyManagementException - when the change is not possible for another reason.
See Also:
HttxURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

setSSLSocketFactory

public void setSSLSocketFactory()
                         throws KeyStoreException,
                                KeyManagementException
Method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication.

Throws:
KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.
KeyManagementException - in case of problems setting up the default SSLSocketFactory.
See Also:
resetSSLSocketFactory(), HTTPS_PROP

resetSSLSocketFactory

public void resetSSLSocketFactory()
                           throws KeyManagementException
Method to restore the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection to their startup defaults.

Throws:
SecurityException - if permission to change is denied.
KeyManagementException - when the change is not possible for another reason.
See Also:
HTTPS_PROP

getCAHttpsCertNo

public BigInteger getCAHttpsCertNo()
Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection.

Returns:
serial number of the certificate or null when not set.

getCAHttxCertNo

public BigInteger getCAHttxCertNo()
Method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection.

Returns:
serial number of the certificate or null when not set.

getSerialString

public static String getSerialString(BigInteger serial)
Method to convert a BigInteger certificate serial number into a String of the form 89:ab:12.

Parameters:
serial - the serial number to convert, null becomes "none"
Returns:
String representation of the certificate serial number, or "none" when not set.
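As an added example, not the project's own implementation, the hypothetical class SerialFormat re-implements the documented conversion and handles the edge case a practitioner usually trips over: BigInteger.toByteArray() returns two's-complement bytes, so a serial whose top byte is 0x80 or higher (such as 89:ab:12) carries a leading 0x00 sign byte that has to be dropped before the bytes are formatted.

```java
import java.math.BigInteger;

/** Hypothetical stand-in for getSerialString(BigInteger); not nl.nikhef.slcshttps code. */
public final class SerialFormat {

    /**
     * Returns "none" for null; otherwise the magnitude bytes of the serial
     * number, big-endian, as colon-separated lowercase hex pairs (89:ab:12).
     */
    public static String getSerialString(BigInteger serial) {
        if (serial == null) {
            return "none";
        }
        // toByteArray() is two's complement: a positive value with its top bit
        // set gets an extra leading 0x00 byte, which is not part of the serial.
        byte[] bytes = serial.toByteArray();
        int start = (bytes.length > 1 && bytes[0] == 0) ? 1 : 0;
        StringBuilder sb = new StringBuilder(3 * bytes.length);
        for (int i = start; i < bytes.length; i++) {
            if (sb.length() > 0) {
                sb.append(':');
            }
            sb.append(String.format("%02x", bytes[i] & 0xff)); // mask sign extension
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs: a serial with the top bit set, a null, and zero.
        System.out.println(getSerialString(new BigInteger("89ab12", 16)));
        System.out.println(getSerialString(null));
        System.out.println(getSerialString(BigInteger.ZERO));
    }
}
```

For the constructed inputs in main the three calls yield 89:ab:12, none and 00 respectively; without the sign-byte check the first would come out as 00:89:ab:12, which is a common source of mismatches when serial numbers are compared against values printed by other tools.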

getMaskHttps

public boolean getMaskHttps()
Getter method for private maskHttps.

Returns:
boolean value of private field maskHttps
See Also:
HTTPS_PROP

getUseHttps

public boolean getUseHttps()
Getter method for private useHttps.

Returns:
boolean value of private field useHttps
See Also:
HTTPS_PROP

getUseHttx

public boolean getUseHttx()
Getter method for private useHttx.

Returns:
boolean value of private field useHttx
See Also:
HTTPS_PROP

setShowSuccess

public static void setShowSuccess(boolean show)
Setter method for private showSuccess.

Parameters:
show - boolean to put into private showSuccess field.
See Also:
SUCCESS_PROP, getShowSuccess()

getShowSuccess

public static boolean getShowSuccess()
Getter method for private showSuccess.

Returns:
boolean value of private field showSuccess
See Also:
SUCCESS_PROP, setShowSuccess(boolean)


nl.nikhef.slcshttps Mischa Sallé - msalle(AT)nikhef.nl