iaik.security.ssl
Class SSLServerContext

java.lang.Object
  |
  +--iaik.security.ssl.SSLContext
        |
        +--iaik.security.ssl.SSLClientContext
              |
              +--iaik.security.ssl.SSLServerContext

public class SSLServerContext
extends SSLClientContext
implements java.lang.Cloneable

This class extends SSLClientContext to add server related information (server credentials, temporary key parameters and client authentication settings) to an SSL/TLS policy.

Note that there is a separate document about the iSaSiLk authentication framework, see your installation directory.

See Also:
SSLContext

Field Summary
static CipherSuite[] anon
          Deprecated. use CipherSuite.CS_DH_ANON instead
static CipherSuite[] dh_dss
          Deprecated. use CipherSuite.CS_DH_DSS instead
static CipherSuite[] dh_rsa
          Deprecated. use CipherSuite.CS_DH_RSA instead
static CipherSuite[] dhe_dss
          Deprecated. use CipherSuite.CS_DHE_DSS instead
static CipherSuite[] dhe_rsa
          Deprecated. use CipherSuite.CS_DHE_RSA instead
static CipherSuite[] rsa
          Deprecated. use CipherSuite.CS_RSA instead
static CipherSuite[] rsa_export
          Deprecated. use CipherSuite.CS_RSA_EXPORT instead
 
Fields inherited from class iaik.security.ssl.SSLContext
CERTTYPE_DSS_FIXED_DH, CERTTYPE_DSS_SIGN, CERTTYPE_RSA_FIXED_DH, CERTTYPE_RSA_SIGN, CERTTYPE_UNKNOWN, LIBRARY_VERSION, LIBRARY_VERSION_STRING, VERSION_NOT_CONNECTED, VERSION_SSL20, VERSION_SSL30, VERSION_TLS10
 
Constructor Summary
SSLServerContext()
          Create a default SSLServerContext.
SSLServerContext(SecureRandom random)
          Create a default SSLServerContext with a specific random number generator.
SSLServerContext(SSLServerContext other)
          Create an SSLServerContext cloning another context.
 
Method Summary
 void addServerCredentials(KeyAndCert keyAndCert)
          Add some server credentials.
 void addServerCredentials(X509Certificate[] chain, PrivateKey key)
          Add some server credentials.
 void addTemporaryParameter(DHParameterSpec spec)
          Add temporary Diffie-Hellman parameters.
 void addTemporaryParameter(KeyPair keyPair)
          Add a temporary RSA KeyPair.
 void clearServerCredentials()
          Clear the server credentials database.
 java.lang.Object clone()
          Implements the Cloneable interface.
 int[] getAllowedCertificateTypes()
          Get the certificate types to allow for client authentication.
 boolean getRequestClientCertificate()
          Returns whether an SSLSocket which uses this SSLContext requests a certificate from the client.
 boolean getRequireClientCertificate()
          Deprecated. use getRequestClientCertificate() instead
 KeyAndCert getServerCredentials(int certType)
          Get the server credentials of a particular type.
 void setAllowedCertificateTypes(int[] types)
          Set the certificate types to allow for client authentication.
 void setAllowedProtocolVersions(int minimumVersion, int maximumVersion)
          Set the SSL/TLS protocol versions to be accepted during the handshake.
 void setDHCertificate(Certificate[] certificateChain, PrivateKey privateKey)
          Deprecated. use addServerCredentials() instead
 void setDHParameter(DHParameterSpec dhParameter)
          Deprecated. use addTemporaryParameter() instead
 void setDSACertificate(Certificate[] certificateChain, PrivateKey privateKey)
          Deprecated. use addServerCredentials() instead
 void setRequestClientCertificate(boolean value)
          Set whether or not to request client authentication during the handshake.
 void setRequireClientCertificate(byte[] certificateTypes, Principal[] certificateAuthorities)
          Deprecated. use setRequestClientCertificate() instead
 void setRSACertificate(Certificate[] certificateChain, PrivateKey privateKey)
          Deprecated. use addServerCredentials() instead
 void setRSATempKeyPair(KeyPair tempKeyPair)
          Deprecated. use addTemporaryParameter() instead
 java.lang.String toString()
          Returns a string representation of this SSLContext.
 void updateCipherSuites()
          Update the list of currently enabled ciphersuites based on the certificates available.
 
Methods inherited from class iaik.security.ssl.SSLClientContext
addClientCredentials, addClientCredentials, clearClientCredentials, getClientCredentials, setCheckExportRestrictions
 
Methods inherited from class iaik.security.ssl.SSLContext
addTrustedCertificate, convertCertificateChain, getAllowedProtocolVersions, getCacheTerminatedSessions, getChainVerifier, getDebugStream, getEnabledCipherSuiteList, getEnabledCipherSuites, getEnabledCompressionMethods, getRandomGenerator, getSessionManager, getTrustDecider, setCacheTerminatedSessions, setChainVerifier, setDebugStream, setDebugStream, setEnabledCipherSuiteList, setEnabledCipherSuites, setEnabledCompressionMethods, setRandomGenerator, setSessionManager, setTrustDecider
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

rsa

public static final CipherSuite[] rsa
Deprecated. use CipherSuite.CS_RSA instead


rsa_export

public static final CipherSuite[] rsa_export
Deprecated. use CipherSuite.CS_RSA_EXPORT instead


dhe_rsa

public static final CipherSuite[] dhe_rsa
Deprecated. use CipherSuite.CS_DHE_RSA instead


dhe_dss

public static final CipherSuite[] dhe_dss
Deprecated. use CipherSuite.CS_DHE_DSS instead


dh_rsa

public static final CipherSuite[] dh_rsa
Deprecated. use CipherSuite.CS_DH_RSA instead


dh_dss

public static final CipherSuite[] dh_dss
Deprecated. use CipherSuite.CS_DH_DSS instead


anon

public static final CipherSuite[] anon
Deprecated. use CipherSuite.CS_DH_ANON instead

Constructor Detail

SSLServerContext

public SSLServerContext()
Create a default SSLServerContext.

SSLServerContext

public SSLServerContext(SecureRandom random)
Create a default SSLServerContext with a specific random number generator.

SSLServerContext

public SSLServerContext(SSLServerContext other)
Create an SSLServerContext cloning another context.
Method Detail

getAllowedCertificateTypes

public int[] getAllowedCertificateTypes()
Get the certificate types to allow for client authentication. This is an array containing one or more of the certificate types defined in SSLContext. By default all types of certificates are enabled.

setAllowedCertificateTypes

public void setAllowedCertificateTypes(int[] types)
Set the certificate types to allow for client authentication. Typically there is no need for an application to restrict the certificate types.

clearServerCredentials

public void clearServerCredentials()
Clear the server credentials database.

addServerCredentials

public void addServerCredentials(X509Certificate[] chain,
                                 PrivateKey key)
Add some server credentials. These are automatically added to the server credentials database replacing previously set credentials of the same type.

addServerCredentials

public void addServerCredentials(KeyAndCert keyAndCert)
Add some server credentials. These are automatically added to the server credentials database replacing previously set credentials of the same type.

getServerCredentials

public KeyAndCert getServerCredentials(int certType)
Get the server credentials of a particular type. If none are available, a NullPointerException is thrown.

updateCipherSuites

public void updateCipherSuites()
Update the list of currently enabled ciphersuites based on the certificates available. This method will take the list of currently enabled ciphersuites in this context and disable all that cannot be used because the required certificates or keys are not available.

Note that the semantics of this method were changed in 3.0. Previously this method would enable all ciphersuites that were available, now all currently enabled ciphersuites that are not available are disabled.

Overrides:
updateCipherSuites in class SSLContext

addTemporaryParameter

public void addTemporaryParameter(KeyPair keyPair)
Add a temporary RSA KeyPair. Temporary RSA keypairs are used with exportable RSA ciphersuites. The keys should be either 512 or 1024 bit long. If none are set but one is needed during the handshake, a keypair is generated on the fly.

addTemporaryParameter

public void addTemporaryParameter(DHParameterSpec spec)
Add temporary Diffie-Hellman parameters. Temporary Diffie-Hellman parameters are required for DHE ciphersuites. There are three temporary parameters, one for export ciphersuites (512 bit), one for export 1024 ciphersuites (1024 bit), and one for domestic ciphersuites (no limit). If not set, defaults of 512 and 1024 bit are used.

setRequestClientCertificate

public void setRequestClientCertificate(boolean value)
Set whether or not to request client authentication during the handshake. If enabled the current ChainVerifier is called during the handshake to verify if the provided credentials are acceptable. It has the option to accept clients that send no certificates as well.
See Also:
ChainVerifier

getRequestClientCertificate

public boolean getRequestClientCertificate()
Returns whether an SSLSocket which uses this SSLContext requests a certificate from the client.

setAllowedProtocolVersions

public void setAllowedProtocolVersions(int minimumVersion,
                                       int maximumVersion)
Description copied from class: SSLContext
Set the SSL/TLS protocol versions to be accepted during the handshake. You will normally not need this method, as the SSL handshake ensures that the highest protocol version supported by both the client and the server is always selected. However, you may want to use this method if

The parameters passed should be from the VERSION_xxx list defined in this class. By default both SSLv3 and TLS are enabled, SSLv2 is disabled.

If you want to enable e.g. SSLv2, SSLv3, and TLS use setAllowedProtocolVersions(SSLContext.VERSION_SSL20, SSLContext.VERSION_TLS10);.

Overrides:
setAllowedProtocolVersions in class SSLContext
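The following is an added example, not code from the iSaSiLk documentation or library, showing how the methods described above (addServerCredentials, addTemporaryParameter, setAllowedProtocolVersions, setRequestClientCertificate and updateCipherSuites) fit together when a server context is configured with a defensive policy: one RSA credential, TLS 1.0 only, only ephemeral-DH/RSA suites backed by server-supplied 2048-bit DH parameters, optional client authentication, and a final pruning of suites the credentials cannot serve. The keystore path and password are placeholders. Assumed, because they are not shown on this page: the iaik.x509.X509Certificate(byte[]) constructor, that the inherited setEnabledCipherSuites takes a CipherSuite[] (the CS_* arrays this page names as replacements for the deprecated fields), and that the inherited addTrustedCertificate takes an X509Certificate.

```java
import java.io.FileInputStream;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import javax.crypto.spec.DHParameterSpec;

import iaik.security.ssl.CipherSuite;
import iaik.security.ssl.SSLContext;
import iaik.security.ssl.SSLServerContext;
import iaik.x509.X509Certificate;

/**
 * Added illustration, not part of iSaSiLk. Assumed (not on the documented page):
 * iaik.x509.X509Certificate(byte[]), setEnabledCipherSuites(CipherSuite[]),
 * addTrustedCertificate(X509Certificate).
 */
public class HardenedServerContext {

    /**
     * @param p12Path  placeholder path of a PKCS#12 file holding the server key and chain
     * @param password placeholder keystore/key password
     * @param clientCa CA certificate of acceptable client certificates, or null for no client auth
     */
    public static SSLServerContext build(String p12Path, char[] password,
                                         X509Certificate clientCa) throws Exception {
        SSLServerContext ctx = new SSLServerContext(new SecureRandom());

        // (1) Server credentials, loaded with the standard JCA KeyStore API.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password);
        }
        String alias = ks.aliases().nextElement();          // assumes a single key entry
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        Certificate[] jcaChain = ks.getCertificateChain(alias);
        X509Certificate[] chain = new X509Certificate[jcaChain.length];
        for (int i = 0; i < jcaChain.length; i++) {
            // Re-encode into the IAIK certificate type that addServerCredentials expects
            // (constructor assumed, see class comment).
            chain[i] = new X509Certificate(jcaChain[i].getEncoded());
        }
        // Replaces any previously set credential of the same (RSA) type.
        ctx.addServerCredentials(chain, key);

        // (2) Accept TLS 1.0 only: the default would also allow SSLv3 handshakes.
        ctx.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS10);

        // (3) Enable only the DHE_RSA suite array; the anon and export arrays are not enabled.
        ctx.setEnabledCipherSuites(CipherSuite.CS_DHE_RSA);

        // DHE suites need temporary DH parameters. Without this call the 512/1024-bit
        // defaults are used; a 2048-bit group falls into the "domestic" (no limit) slot.
        AlgorithmParameterGenerator gen = AlgorithmParameterGenerator.getInstance("DH");
        gen.init(2048, new SecureRandom());
        AlgorithmParameters params = gen.generateParameters();
        ctx.addTemporaryParameter(params.getParameterSpec(DHParameterSpec.class));

        // (4) Client authentication: trust the issuing CA so the context's ChainVerifier can
        //     validate the presented chain, then ask for a certificate during the handshake.
        if (clientCa != null) {
            ctx.addTrustedCertificate(clientCa);
            ctx.setRequestClientCertificate(true);
        }

        // (5) Disable every enabled suite the loaded credentials cannot serve. With only
        //     DHE_RSA suites enabled and an RSA credential loaded nothing is removed here;
        //     if the enabled list later grows (e.g. DHE_DSS suites without a DSA credential)
        //     this prunes them instead of offering suites that fail at handshake time.
        ctx.updateCipherSuites();
        return ctx;
    }
}
```

Generating a 2048-bit DH group with AlgorithmParameterGenerator can take a long time; in a real deployment generate the parameters once and store them rather than doing it at every start-up. The returned context is then handed to iSaSiLk's server socket in the usual way (the socket class is not shown on this page).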

clone

public java.lang.Object clone()
Implements the Cloneable interface.
Overrides:
clone in class SSLClientContext
Tags copied from class: SSLClientContext
Returns:
a clone of this SSLClientContext

toString

public java.lang.String toString()
Returns a string representation of this SSLContext.
Overrides:
toString in class SSLContext
Tags copied from class: SSLContext
Returns:
a string representation

setRequireClientCertificate

public void setRequireClientCertificate(byte[] certificateTypes,
                                        Principal[] certificateAuthorities)
Deprecated. use setRequestClientCertificate() instead


setRSACertificate

public void setRSACertificate(Certificate[] certificateChain,
                              PrivateKey privateKey)
                       throws CertificateException
Deprecated. use addServerCredentials() instead


setDSACertificate

public void setDSACertificate(Certificate[] certificateChain,
                              PrivateKey privateKey)
                       throws CertificateException
Deprecated. use addServerCredentials() instead


setDHCertificate

public void setDHCertificate(Certificate[] certificateChain,
                             PrivateKey privateKey)
                      throws CertificateException
Deprecated. use addServerCredentials() instead


setDHParameter

public void setDHParameter(DHParameterSpec dhParameter)
Deprecated. use addTemporaryParameter() instead


setRSATempKeyPair

public void setRSATempKeyPair(KeyPair tempKeyPair)
Deprecated. use addTemporaryParameter() instead


getRequireClientCertificate

public boolean getRequireClientCertificate()
Deprecated. use getRequestClientCertificate() instead