iaik.security.ssl
Class SSLClientContext

java.lang.Object
  |
  +--iaik.security.ssl.SSLContext
        |
        +--iaik.security.ssl.SSLClientContext
Direct Known Subclasses:
SSLServerContext

public class SSLClientContext
extends SSLContext
implements java.lang.Cloneable

This class extends the SSLContext to add client related information to an SSL/TLS policy.

Note that there is a separate document about the iSaSiLk authentication framework, see your installation directory.

See Also:
SSLContext

Fields inherited from class iaik.security.ssl.SSLContext
CERTTYPE_DSS_FIXED_DH, CERTTYPE_DSS_SIGN, CERTTYPE_RSA_FIXED_DH, CERTTYPE_RSA_SIGN, CERTTYPE_UNKNOWN, LIBRARY_VERSION, LIBRARY_VERSION_STRING, VERSION_NOT_CONNECTED, VERSION_SSL20, VERSION_SSL30, VERSION_TLS10
 
Constructor Summary
SSLClientContext()
          Create a default SSLContext.
SSLClientContext(SecureRandom random)
          Create a default SSLContext with a specific random number generator.
SSLClientContext(SSLClientContext other)
          Create an SSLClientContext cloning another context.
 
Method Summary
 void addClientCredentials(KeyAndCert keyAndCert)
          Add some client credentials.
 void addClientCredentials(X509Certificate[] chain, PrivateKey key)
          Add some client credentials.
 void clearClientCredentials()
          Clear the database of client credentials.
 java.lang.Object clone()
          Implements the Cloneable interface.
protected  KeyAndCert[] getClientCredentials(Principal[] issuers, byte[] certificateTypes)
          Return all matching client credentials.
 void setCheckExportRestrictions(boolean check)
          Set the export restriction check.
 
Methods inherited from class iaik.security.ssl.SSLContext
addTrustedCertificate, convertCertificateChain, getAllowedProtocolVersions, getCacheTerminatedSessions, getChainVerifier, getDebugStream, getEnabledCipherSuiteList, getEnabledCipherSuites, getEnabledCompressionMethods, getRandomGenerator, getSessionManager, getTrustDecider, setAllowedProtocolVersions, setCacheTerminatedSessions, setChainVerifier, setDebugStream, setDebugStream, setEnabledCipherSuiteList, setEnabledCipherSuites, setEnabledCompressionMethods, setRandomGenerator, setSessionManager, setTrustDecider, toString, updateCipherSuites
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SSLClientContext

public SSLClientContext()
Create a default SSLContext.

SSLClientContext

public SSLClientContext(SecureRandom random)
Create a default SSLContext with a specific random number generator.
Parameters:
random - the random number generator to use or null for the default SecureRandom

SSLClientContext

public SSLClientContext(SSLClientContext other)
Create an SSLClientContext cloning another context.

Method Detail

clone

public java.lang.Object clone()
Implements the Cloneable interface.
Overrides:
clone in class SSLContext
Returns:
a clone of this SSLClientContext

setCheckExportRestrictions

public void setCheckExportRestrictions(boolean check)
Set the export restriction check. If activated, the handshake will check that no keys longer than the key size limit for exportable cipher suites are used for key exchange. Disabled by default.

addClientCredentials

public void addClientCredentials(X509Certificate[] chain,
                                 PrivateKey key)
Add some client credentials. The certificate chain must contain the client certificate at index 0. The credentials are added to a database and automatically retrieved via getClientCredentials() if requested by the server.

addClientCredentials

public void addClientCredentials(KeyAndCert keyAndCert)
                          throws java.lang.IllegalArgumentException
Add some client credentials. The credentials are added to a database and automatically retrieved via getClientCredentials() if requested by the server.

clearClientCredentials

public void clearClientCredentials()
Clear the database of client credentials.

getClientCredentials

protected KeyAndCert[] getClientCredentials(Principal[] issuers,
                                            byte[] certificateTypes)
Return all matching client credentials. This method is called during the handshake if a server has requested client authentication. The default implementation searches the database of available client credentials and returns all that match the server request. If the server does not specify particular CAs it trusts, all credentials of the correct type are returned. Note that credentials that cannot be used because the necessary algorithms are not implemented by the current SecurityProvider are ignored (e.g. DSA credentials if no implementation for RawDSA is available).

This method returns all appropriate credentials, or the empty array if none are available. An application may override this method to display a dialog window etc. that lets the user select the credentials to use if multiple are available. The library will always use the credentials at index 0 in the returned array. An overridden method may look like this:

 protected KeyAndCert[] getClientCredentials(Principal[] issuers, byte[] certificateTypes) {
   // let the library do the issuer / certificate type matching first
   KeyAndCert[] certs = super.getClientCredentials(issuers, certificateTypes);
   if( certs.length == 0 ) {
     return certs;   // nothing to choose from, handshake continues without a client certificate
   }
   // allow user to select a certificate or cancel; askUserToSelect() stands for the
   // application's own dialog and returns the chosen index or -1 if the user cancelled
   int selected = askUserToSelect(certs);
   if( selected == -1 ) {
     return new KeyAndCert[0];
   } else {
     return new KeyAndCert[] { certs[selected] };
   }
 }
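The following class is an added example, not code from the iSaSiLk distribution or its documentation. It ties together the two pieces described above: credentials are loaded into the context's database through addClientCredentials() (with the end-entity certificate at index 0, as the documentation requires), and getClientCredentials() is overridden so that only currently valid certificate chains are ever offered to a server, with the empty array returned when nothing usable remains. It assumes the public accessor KeyAndCert.getCertificateChain(), the iaik.x509.X509Certificate(byte[]) constructor and the iaik.security.ssl.SSLSocket(String, int, SSLClientContext) constructor; the keystore path, alias, password and host name are placeholders.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.List;

import iaik.security.ssl.KeyAndCert;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.SSLSocket;
import iaik.x509.X509Certificate;

/**
 * Added example: a client context that never offers an expired or
 * not-yet-valid certificate chain, even if it matches the server's
 * CertificateRequest. Everything the library already does (issuer and
 * certificate type matching, skipping credentials whose algorithm is not
 * available) is kept by delegating to super first.
 */
public class ValidatingClientContext extends SSLClientContext {

  public ValidatingClientContext() {
    super(new SecureRandom());
  }

  @Override
  protected KeyAndCert[] getClientCredentials(Principal[] issuers, byte[] certificateTypes) {
    // Let the library do issuer / certificate type matching first.
    KeyAndCert[] candidates = super.getClientCredentials(issuers, certificateTypes);
    List<KeyAndCert> usable = new ArrayList<KeyAndCert>();
    for (KeyAndCert kc : candidates) {
      X509Certificate[] chain = kc.getCertificateChain(); // assumed accessor
      try {
        // checkValidity() throws CertificateExpiredException or
        // CertificateNotYetValidException, both CertificateExceptions.
        for (X509Certificate c : chain) {
          c.checkValidity();
        }
        usable.add(kc);
      } catch (CertificateException e) {
        // A stale chain would only produce a failed handshake on the server
        // side (or a confusing error for the user), so it is not offered.
      }
    }
    // The library always uses index 0; order of the filtered list is preserved,
    // so the first credential added via addClientCredentials() wins.
    return usable.toArray(new KeyAndCert[0]);
  }

  /**
   * Copy one key entry of a JCE KeyStore into the context's credential database.
   * KeyStore.getCertificateChain() returns the end-entity certificate first,
   * which is exactly the order addClientCredentials() expects.
   */
  public static void addFromKeyStore(SSLClientContext ctx, KeyStore ks,
                                     String alias, char[] keyPassword) throws Exception {
    Certificate[] stored = ks.getCertificateChain(alias);
    if (stored == null || stored.length == 0) {
      throw new IllegalArgumentException("no certificate chain for alias " + alias);
    }
    // iSaSiLk works with iaik.x509.X509Certificate; re-parse the DER encoding
    // (constructor from byte[] assumed).
    X509Certificate[] chain = new X509Certificate[stored.length];
    for (int i = 0; i < stored.length; i++) {
      chain[i] = new X509Certificate(stored[i].getEncoded());
    }
    PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword);
    ctx.addClientCredentials(chain, key);
  }

  public static void main(String[] args) throws Exception {
    ValidatingClientContext ctx = new ValidatingClientContext();

    // Placeholder keystore, alias and password.
    char[] password = "changeit".toCharArray();
    KeyStore ks = KeyStore.getInstance("PKCS12");
    FileInputStream in = new FileInputStream("client.p12");
    try {
      ks.load(in, password);
    } finally {
      in.close();
    }
    addFromKeyStore(ctx, ks, "client", password);

    // Placeholder host; the server's CertificateRequest triggers the override above.
    SSLSocket socket = new SSLSocket("server.example", 443, ctx);
    try {
      socket.startHandshake();
      System.out.println("handshake completed");
    } finally {
      socket.close();
    }
  }
}
```

Because the override delegates to super before filtering, a server that sends no list of trusted CAs still gets every valid credential of the correct type, exactly as documented for the default implementation; the only behavioural change is that chains outside their validity period are dropped before index 0 is chosen.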