public final class SSLContext
extends java.lang.Object
| Constructor and Description |
|---|
SSLContext() |
| Modifier and Type | Method and Description |
|---|---|
static void |
clearOptions(long ctx,
int options)
Clears OpenSSL Options.
|
static int |
free(long ctx)
Free the resources used by the Context
|
static long |
make(long pool,
int protocol,
int mode)
Create a new SSL context.
|
static void |
setBIO(long ctx,
long bio,
int dir)
Associate BIOCallback for input or output data capture.
|
static boolean |
setCACertificate(long ctx,
java.lang.String file,
java.lang.String path)
Set File and Directory of concatenated PEM-encoded CA Certificates
for Client Auth
This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. |
static boolean |
setCARevocation(long ctx,
java.lang.String file,
java.lang.String path)
Set File of concatenated PEM-encoded CA CRLs or
directory of PEM-encoded CA Certificates for Client Auth
This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. |
static boolean |
setCertificate(long ctx,
java.lang.String cert,
java.lang.String key,
java.lang.String password,
int idx)
Set Certificate
Point setCertificateFile at a PEM encoded certificate. |
static boolean |
setCertificateChainFile(long ctx,
java.lang.String file,
boolean skipfirst)
Set File of PEM-encoded Server CA Certificates
This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. |
static boolean |
setCipherSuite(long ctx,
java.lang.String ciphers)
Cipher Suite available for negotiation in SSL handshake.
|
static void |
setContextId(long ctx,
java.lang.String id)
Set Session context id.
|
static void |
setOptions(long ctx,
int options)
Set OpenSSL Option.
|
static void |
setQuietShutdown(long ctx,
boolean mode)
Sets the "quiet shutdown" flag for ctx to be
mode.
|
static void |
setRandom(long ctx,
java.lang.String file)
Set file for randomness
|
static void |
setShutdownType(long ctx,
int type)
Set SSL connection shutdown type
The following levels are available for level: SSL_SHUTDOWN_TYPE_STANDARD SSL_SHUTDOWN_TYPE_UNCLEAN SSL_SHUTDOWN_TYPE_ACCURATE |
static void |
setVerify(long ctx,
int level,
int depth)
Set Type of Client Certificate verification and Maximum depth of CA Certificates
in Client Certificate verification.
|
public static long make(long pool,
int protocol,
int mode)
throws java.lang.Exception
pool - The pool to use.protocol - The SSL protocol to use. It can be any combination of
the following:
SSL.SSL_PROTOCOL_SSLV2SSL.SSL_PROTOCOL_SSLV3SSL.SSL_PROTOCOL_TLSV1SSL.SSL_PROTOCOL_TLSV1_1SSL.SSL_PROTOCOL_TLSV1_2SSL.SSL_PROTOCOL_TLSV1_3SSL.SSL_PROTOCOL_ALL( == all TLS versions, no SSL)
mode - SSL mode to use
SSL_MODE_CLIENT SSL_MODE_SERVER SSL_MODE_COMBINED
java.lang.Exception - If the SSL Context could not be createdpublic static int free(long ctx)
ctx - Server or Client context to free.public static void setContextId(long ctx,
java.lang.String id)
ctx - Context to use.id - String that uniquely identifies this context.public static void setBIO(long ctx,
long bio,
int dir)
[ERROR] -- Critical error messages [WARN] -- Warning messages [INFO] -- Informational messages [DEBUG] -- Debugging messagedCallback can use that word to determine application logging level by intercepting write call. If the bio is set to 0 no error messages will be displayed. Default is to use the stderr output stream.
ctx - Server or Client context to use.bio - BIO handle to use, created with SSL.newBIOdir - BIO direction (1 for input 0 for output).public static void setOptions(long ctx,
int options)
ctx - Server or Client context to use.options - See SSL.SSL_OP_* for option flags.public static void clearOptions(long ctx,
int options)
ctx - Server or Client context to use.options - See SSL.SSL_OP_* for option flags.public static void setQuietShutdown(long ctx,
boolean mode)
ctx - Server or Client context to use.mode - True to set the quiet shutdown.public static boolean setCipherSuite(long ctx,
java.lang.String ciphers)
throws java.lang.Exception
ctx - Server or Client context to use.ciphers - An OpenSSL cipher specification.true if the operation was successfuljava.lang.Exception - An error occurredpublic static boolean setCARevocation(long ctx,
java.lang.String file,
java.lang.String path)
throws java.lang.Exception
ctx - Server or Client context to use.file - File of concatenated PEM-encoded CA CRLs for Client Auth.path - Directory of PEM-encoded CA Certificates for Client Auth.true if the operation was successfuljava.lang.Exception - An error occurredpublic static boolean setCertificateChainFile(long ctx,
java.lang.String file,
boolean skipfirst)
ctx - Server or Client context to use.file - File of PEM-encoded Server CA Certificates.skipfirst - Skip first certificate if chain file is inside
certificate file.true if the operation was successfulpublic static boolean setCertificate(long ctx,
java.lang.String cert,
java.lang.String key,
java.lang.String password,
int idx)
throws java.lang.Exception
ctx - Server or Client context to use.cert - Certificate file.key - Private Key file to use if not in cert.password - Certificate password. If null and certificate
is encrypted, password prompt will be displayed.idx - Certificate index SSL_AIDX_RSA or SSL_AIDX_DSA.true if the operation was successfuljava.lang.Exception - An error occurredpublic static boolean setCACertificate(long ctx,
java.lang.String file,
java.lang.String path)
throws java.lang.Exception
ctx - Server or Client context to use.file - File of concatenated PEM-encoded CA Certificates for
Client Auth.path - Directory of PEM-encoded CA Certificates for Client Auth.true if the operation was successfuljava.lang.Exception - An error occurredpublic static void setRandom(long ctx,
java.lang.String file)
ctx - Server or Client context to use.file - random file.public static void setShutdownType(long ctx,
int type)
SSL_SHUTDOWN_TYPE_STANDARD SSL_SHUTDOWN_TYPE_UNCLEAN SSL_SHUTDOWN_TYPE_ACCURATE
ctx - Server or Client context to use.type - Shutdown type to use.public static void setVerify(long ctx,
int level,
int depth)
SSL_CVERIFY_NONE - No client Certificate is required at all
SSL_CVERIFY_OPTIONAL - The client may present a valid Certificate
SSL_CVERIFY_REQUIRE - The client has to present a valid Certificate
SSL_CVERIFY_OPTIONAL_NO_CA - The client may present a valid Certificate
but it need not to be (successfully) verifiable
setCACertificatePath), etc.ctx - Server or Client context to use.level - Type of Client Certificate verification.depth - Maximum depth of CA Certificates in Client Certificate
verification.Copyright © 2000-2019 Apache Software Foundation. All Rights Reserved.