nl.nikhef.slcshttps
Class CAHttps

java.lang.Object
  nl.nikhef.slcshttps.CAHttps

Direct Known Subclasses:

PKCS12Https, SURFCAHttps

public abstract class CAHttps
extends Object

Abstract class for communication to a Certificate Authority (CA), an implementation should include methods to initialize (e.g authenticate at an Online CA) and to retrieve and store a certificate. It further includes methods to set and reset the default SSLSocketFactory. Setting this means that it will be used for all SSL connections which will be set up afterwards. All cryptographic objects such as keypairs, CSRs and certificates are stored in a CryptoStore object. There is support for both HttpsURLConnection and for HttxURLConnection, either independently or combined. The behaviour can be driven using the property "nl.nikhef.slcshttps.https".

Version:

0.3

Author:

Mischa Sallé

Field Summary

private static BigInteger	CAHttpsCertNo The serial number for the currently used client side certificate in HttpsURLConnection, can be retrieved using getCAHttpsCertNo().
private static BigInteger	CAHttxCertNo The serial number for the currently used client side certificate in HttxURLConnection, can be retrieved using getCAHttxCertNo().
(package private) CryptoStore	cryptoStore Contains, among others, the keypair, Certificate Signing Request (CSR), certificate.
private static SSLSocketFactory	defaultHttpsSSLSocketFactory The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.
private static SSLSocketFactory	defaultHttxSSLSocketFactory The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it.
static String	HTTPS_PROP Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection.
private static boolean	maskHttps Is true when property "nl.nikhef.slcshttps.https" equals mask.
(package private) static boolean	showSuccess Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true.
static String	SUCCESS_PROP Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc.
private static boolean	useHttps Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx.
private static boolean	useHttx Is true when property "nl.nikhef.slcshttps.https" does NOT equal https.

Constructor Summary

CAHttps()
Constructs a default CAHttps, this is the same as CAHttps(boolean) with the value true.

CAHttps(boolean initCSR)
Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn)
constructs a default CAHttps and changes stdout/stdin to the streams specified.

CAHttps(PrintStream myErr, PrintStream myOut, InputStream myIn, boolean initCSR)
constructs a default CAHttps, changes stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

Method Summary

BigInteger	getCAHttpsCertNo() method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection.
BigInteger	getCAHttxCertNo() method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection.
X509Certificate	getCertificate() Method to get the X509Certificate currently in the internal CryptoStore.
boolean	getMaskHttps() Getter method for private maskHttps.
static String	getSerialString(BigInteger serial) method to convert a BigInteger certificate serial number into a String of the form 89:ab:12.
static boolean	getShowSuccess() Getter method for private showSuccess.
boolean	getUseHttps() Getter method for private useHttps.
boolean	getUseHttx() Getter method for private useHttx.
abstract void	initialize(String initString) Abstract method to initialize the communication with the CA.
void	resetHttpsSSLSocketFactory() method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default.
void	resetHttxSSLSocketFactory() method to restore the default SSLSocketFactory for HttxURLConnection to its startup default.
void	resetSSLSocketFactory() method to restore the default SSLSocketFactory for HttpsURLConnection and/or HttpsURLConnection to their startup defaults.
void	setHttpsSSLSocketFactory() method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication.
void	setHttxSSLSocketFactory() method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication.
static void	setShowSuccess(boolean show) Setter method for private showSuccess.
void	setSSLSocketFactory() method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication.
abstract void	storeCertificate(String storeString) Abstract method to get certificate at CA and store it in the internal CryptoStore.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

defaultHttpsSSLSocketFactory

private static SSLSocketFactory defaultHttpsSSLSocketFactory

The default SSLSocketFactory for a HttpsURLConnection, so that we can revert to it.

defaultHttxSSLSocketFactory

private static SSLSocketFactory defaultHttxSSLSocketFactory

The default SSLSocketFactory for a HttxURLConnection, so that we can revert to it.

CAHttpsCertNo

private static BigInteger CAHttpsCertNo

The serial number for the currently used client side certificate in HttpsURLConnection, can be retrieved using getCAHttpsCertNo().

CAHttxCertNo

private static BigInteger CAHttxCertNo

The serial number for the currently used client side certificate in HttxURLConnection, can be retrieved using getCAHttxCertNo().

HTTPS_PROP

public static final String HTTPS_PROP

Property "nl.nikhef.slcshttps.https" defines whether to use the client side certificate for HttxURLConnection and/or HttpsURLConnection. Valid options are

• https set client cert only for HttpsURLConnection
• httx set client cert only for HttxURLConnection
• both set client cert for both
• mask set client cert for both but only show feedback etc for HttxURLConnection (default)

See Also:

Constant Field Values

useHttps

private static boolean useHttps

Is true when property "nl.nikhef.slcshttps.https" does NOT equal httx.

useHttx

private static boolean useHttx

Is true when property "nl.nikhef.slcshttps.https" does NOT equal https.

maskHttps

private static boolean maskHttps

Is true when property "nl.nikhef.slcshttps.https" equals mask.

SUCCESS_PROP

public static final String SUCCESS_PROP

Property "nl.nikhef.slcshttps.acknowledge" defines whether to acknowledge successful certificate import, download etc. Valid options are true or false.

See Also:

getShowSuccess(), setShowSuccess(boolean), Constant Field Values

showSuccess

static boolean showSuccess

Is equal to the value of "nl.nikhef.slcshttps.acknowledge" when the latter is set, or defaults to true.

cryptoStore

CryptoStore cryptoStore

Contains, among others, the keypair, Certificate Signing Request (CSR), certificate. Note that it needs to package private, since implementing classes need to access it.

Constructor Detail

CAHttps

public CAHttps()
        throws KeyStoreException

Constructs a default CAHttps, this is the same as CAHttps(boolean) with the value true.

Throws:

KeyStoreException - when initializing the internal CryptoStore failed.

See Also:

CAHttps(boolean)

CAHttps

public CAHttps(boolean initCSR)
        throws KeyStoreException

Constructs a default CAHttps with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

Parameters:

initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.

Throws:

KeyStoreException - when initializing the internal CryptoStore failed.

CAHttps

public CAHttps(PrintStream myErr,
               PrintStream myOut,
               InputStream myIn)
        throws KeyStoreException

constructs a default CAHttps and changes stdout/stdin to the streams specified.

Parameters:

myErr - use this stream instead of stderr, null for stderr

myOut - use this stream instead of stdout, null for stdout.

myIn - use this stream instead of stdin, null for stdin.

Throws:

KeyStoreException

See Also:

CAHttps()

CAHttps

public CAHttps(PrintStream myErr,
               PrintStream myOut,
               InputStream myIn,
               boolean initCSR)
        throws KeyStoreException

constructs a default CAHttps, changes stdout/stdin to the streams specified, with or without creating a Certificate Signing Request (CSR) in the internal CryptoStore.

Parameters:

myErr - use this stream instead of stderr, null for stderr

myOut - use this stream instead of stdout, null for stdout.

myIn - use this stream instead of stdin, null for stdin.

initCSR - whether to initialize a Certificate Signing Request (CSR) within the internal CryptoStore.

Throws:

KeyStoreException

Method Detail

initialize

public abstract void initialize(String initString)
                         throws IOException

Abstract method to initialize the communication with the CA. This could be authenticating in case of an Online CA or choosing a file in the case of file import.

Parameters:

initString - String some string to use for initialization.

Throws:

IOException - upon error.

storeCertificate

public abstract void storeCertificate(String storeString)
                               throws IOException,
                                      CertificateException,
                                      KeyStoreException,
                                      KeyManagementException

Abstract method to get certificate at CA and store it in the internal CryptoStore.

Parameters:

storeString - String some string to use for retrieving the Certificate.

Throws:

IOException - if communication goes wrong

CertificateException - if no valid certificate is returned

KeyStoreException - if the certificate cannot be stored in the CryptoStore.

KeyManagementException - when using the certificate somehow fails.

getCertificate

public X509Certificate getCertificate()
                               throws KeyStoreException

Method to get the X509Certificate currently in the internal CryptoStore.

Returns:

X509Certificate in the internal CryptoStore.

Throws:

KeyStoreException

setHttpsSSLSocketFactory

public void setHttpsSSLSocketFactory()
                              throws KeyStoreException,
                                     KeyManagementException

method to change the default SSLSocketFactory for HttpsURLConnection such that it uses the certificate for client side authentication.

Throws:

KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.

KeyManagementException - in case of problems setting up the default SSLSocketFactory.

See Also:

setSSLSocketFactory(), resetHttpsSSLSocketFactory()

resetHttpsSSLSocketFactory

public void resetHttpsSSLSocketFactory()
                                throws KeyManagementException

method to restore the default SSLSocketFactory for HttpsURLConnection to its startup default.

Throws:

SecurityException - if permission to change is denied.

KeyManagementException - in other cases the change is not possible.

See Also:

HttpsURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

setHttxSSLSocketFactory

public void setHttxSSLSocketFactory()
                             throws KeyStoreException,
                                    KeyManagementException

method to change the default SSLSocketFactory for HttxURLConnection such that it uses the certificate for client side authentication.

Throws:

KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.

KeyManagementException - in case of problems setting up the default SSLSocketFactory.

See Also:

setSSLSocketFactory(), resetHttxSSLSocketFactory()

resetHttxSSLSocketFactory

public void resetHttxSSLSocketFactory()
                               throws KeyManagementException

method to restore the default SSLSocketFactory for HttxURLConnection to its startup default.

Throws:

SecurityException - if permission to change is denied.

KeyManagementException - in other cases the change is not possible.

See Also:

HttxURLConnection.setDefaultSSLSocketFactory(SSLSocketFactory)

setSSLSocketFactory

public void setSSLSocketFactory()
                         throws KeyStoreException,
                                KeyManagementException

method to change the default SSLSocketFactory for HttxURLConnection and/or HttpsURLConnection such that they use the certificate for client side authentication.

Throws:

KeyStoreException - when the initialization of the CryptoSSL with the CryptoStore failed.

KeyManagementException - in case of problems setting up the default SSLSocketFactory.

See Also:

resetSSLSocketFactory(), HTTPS_PROP

resetSSLSocketFactory

public void resetSSLSocketFactory()
                           throws KeyManagementException

method to restore the default SSLSocketFactory for HttpsURLConnection and/or HttpsURLConnection to their startup defaults.

Throws:

SecurityException - if permission to change is denied.

KeyManagementException - in other cases the change is not possible.

See Also:

HTTPS_PROP

getCAHttpsCertNo

public BigInteger getCAHttpsCertNo()

method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttpsURLConnection.

Returns:

serial number of the certificate or null when not set.

getCAHttxCertNo

public BigInteger getCAHttxCertNo()

method to return the serial number of the certificate used by the SSLSocketFactory in setting up a HttxURLConnection.

Returns:

serial number of the certificate or null when not set.

getSerialString

public static String getSerialString(BigInteger serial)

method to convert a BigInteger certificate serial number into a String of the form 89:ab:12.

Parameters:

serial - the serial number to convert, null becomes "none"

Returns:

String representation of the certificate serial number, or "none" when not set.

getMaskHttps

public boolean getMaskHttps()

Getter method for private maskHttps.

Returns:

boolean value of private field maskHttps

See Also:

HTTPS_PROP

getUseHttps

public boolean getUseHttps()

Getter method for private useHttps.

Returns:

boolean value of private field useHttps

See Also:

HTTPS_PROP

getUseHttx

public boolean getUseHttx()

Getter method for private useHttx.

Returns:

boolean value of private field useHttx

See Also:

HTTPS_PROP

setShowSuccess

public static void setShowSuccess(boolean show)

Setter method for private showSuccess.

Parameters:

show - boolean to put into private showSuccess field.

See Also:

SUCCESS_PROP, getShowSuccess()

getShowSuccess

public static boolean getShowSuccess()

Getter method for private showSuccess.

Returns:

boolean value of private field showSuccess

See Also:

SUCCESS_PROP, setShowSuccess(boolean)