-
JsseESTServiceBuilder
-
socketFactoryCreator: SSLSocketFactoryCreator
-
hostNameAuthorizer: JsseHostnameAuthorizer
-
timeoutMillis: int
-
bindingProvider: ChannelBindingProvider
-
supportedSuites: Set<String>
-
absoluteLimit: Long
-
sslSocketFactoryCreatorBuilder: SSLSocketFactoryCreatorBuilder
-
filterCipherSuites: boolean
-
JsseESTServiceBuilder(String, SSLSocketFactoryCreator): void
-
JsseESTServiceBuilder(String): void
-
JsseESTServiceBuilder(String, X509TrustManager): void
-
JsseESTServiceBuilder(String, X509TrustManager[]): void
-
withHostNameAuthorizer(JsseHostnameAuthorizer): JsseESTServiceBuilder
-
withClientProvider(ESTClientProvider): JsseESTServiceBuilder
-
withTimeout(int): JsseESTServiceBuilder
-
withReadLimit(long): JsseESTServiceBuilder
-
withChannelBindingProvider(ChannelBindingProvider): JsseESTServiceBuilder
-
addCipherSuites(String): JsseESTServiceBuilder
-
addCipherSuites(String[]): JsseESTServiceBuilder
-
withTLSVersion(String): JsseESTServiceBuilder
-
withSecureRandom(SecureRandom): JsseESTServiceBuilder
-
withProvider(String): JsseESTServiceBuilder
-
withProvider(Provider): JsseESTServiceBuilder
-
withKeyManager(KeyManager): JsseESTServiceBuilder
-
withKeyManagers(KeyManager[]): JsseESTServiceBuilder
-
withFilterCipherSuites(boolean): JsseESTServiceBuilder
-
build(): ESTService
-
package org.bouncycastle.est.jcajce;
import java.net.Socket;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.est.ESTClientProvider;
import org.bouncycastle.est.ESTService;
import org.bouncycastle.est.ESTServiceBuilder;
Build an RFC7030 (EST) service based on the JSSE.
/**
* Build an RFC7030 (EST) service based on the JSSE.
*/
public class JsseESTServiceBuilder
extends ESTServiceBuilder
{
protected SSLSocketFactoryCreator socketFactoryCreator;
protected JsseHostnameAuthorizer hostNameAuthorizer = new JsseDefaultHostnameAuthorizer(null);
protected int timeoutMillis = 0;
protected ChannelBindingProvider bindingProvider;
protected Set<String> supportedSuites = new HashSet<String>();
protected Long absoluteLimit;
protected SSLSocketFactoryCreatorBuilder sslSocketFactoryCreatorBuilder;
protected boolean filterCipherSuites = true;
Create a builder for a client using a custom SSLSocketFactoryCreator.
Params: - server – name of the server to talk to (URL format).
- socketFactoryCreator – a custom creator of socket factories.
/**
* Create a builder for a client using a custom SSLSocketFactoryCreator.
*
* @param server name of the server to talk to (URL format).
* @param socketFactoryCreator a custom creator of socket factories.
*/
public JsseESTServiceBuilder(String server, SSLSocketFactoryCreator socketFactoryCreator)
{
super(server);
if (socketFactoryCreator == null)
{
throw new NullPointerException("No socket factory creator.");
}
this.socketFactoryCreator = socketFactoryCreator;
}
Create a builder for a client talking to a server that is not yet trusted.
Params: - server – name of the server to talk to (URL format).
/**
* Create a builder for a client talking to a server that is not yet trusted.
*
* @param server name of the server to talk to (URL format).
*/
public JsseESTServiceBuilder(String server)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(JcaJceUtils.getTrustAllTrustManager());
}
Create a builder for a client talking to a trusted server.
Params: - server – name of the server to talk to (URL format).
- trustManager –
/**
* Create a builder for a client talking to a trusted server.
*
* @param server name of the server to talk to (URL format).
* @param trustManager
*/
public JsseESTServiceBuilder(String server, X509TrustManager trustManager)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(trustManager);
}
Create a builder for a client talking to a trusted server.
Params: - server – name of the server to talk to (URL format).
- trustManager –
/**
* Create a builder for a client talking to a trusted server.
*
* @param server name of the server to talk to (URL format).
* @param trustManager
*/
public JsseESTServiceBuilder(String server, X509TrustManager[] trustManager)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(trustManager);
}
public JsseESTServiceBuilder withHostNameAuthorizer(JsseHostnameAuthorizer hostNameAuthorizer)
{
this.hostNameAuthorizer = hostNameAuthorizer;
return this;
}
public JsseESTServiceBuilder withClientProvider(ESTClientProvider clientProvider)
{
this.clientProvider = clientProvider;
return this;
}
public JsseESTServiceBuilder withTimeout(int timeoutMillis)
{
this.timeoutMillis = timeoutMillis;
return this;
}
public JsseESTServiceBuilder withReadLimit(long absoluteLimit)
{
this.absoluteLimit = absoluteLimit;
return this;
}
public JsseESTServiceBuilder withChannelBindingProvider(ChannelBindingProvider channelBindingProvider)
{
this.bindingProvider = channelBindingProvider;
return this;
}
public JsseESTServiceBuilder addCipherSuites(String name)
{
this.supportedSuites.add(name);
return this;
}
public JsseESTServiceBuilder addCipherSuites(String[] names)
{
this.supportedSuites.addAll(Arrays.asList(names));
return this;
}
public JsseESTServiceBuilder withTLSVersion(String tlsVersion)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withTLSVersion(tlsVersion);
return this;
}
public JsseESTServiceBuilder withSecureRandom(SecureRandom secureRandom)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withSecureRandom(secureRandom);
return this;
}
Configure this builder to use the provider with the passed in name.
Params: - tlsProviderName – the name JSSE Provider to use.
Throws: - NoSuchProviderException – if the specified provider does not exist.
Returns: the current builder instance.
/**
* Configure this builder to use the provider with the passed in name.
*
* @param tlsProviderName the name JSSE Provider to use.
* @return the current builder instance.
* @throws NoSuchProviderException if the specified provider does not exist.
*/
public JsseESTServiceBuilder withProvider(String tlsProviderName)
throws NoSuchProviderException
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withProvider(tlsProviderName);
return this;
}
Configure this builder to use the passed in provider.
Params: - tlsProvider – the JSSE Provider to use.
Returns: the current builder instance.
/**
* Configure this builder to use the passed in provider.
*
* @param tlsProvider the JSSE Provider to use.
* @return the current builder instance.
*/
public JsseESTServiceBuilder withProvider(Provider tlsProvider)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withProvider(tlsProvider);
return this;
}
public JsseESTServiceBuilder withKeyManager(KeyManager keyManager)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withKeyManager(keyManager);
return this;
}
public JsseESTServiceBuilder withKeyManagers(KeyManager[] keyManagers)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withKeyManagers(keyManagers);
return this;
}
Filter cipher suites with supported before passing to JSSE provider.
Params: - filter – true, supplied cipher suites will be filtered with supported before passing to the JSSE provider.
Returns: this;
/**
* Filter cipher suites with supported before passing to JSSE provider.
*
* @param filter true, supplied cipher suites will be filtered with supported before passing to the JSSE provider.
* @return this;
*/
public JsseESTServiceBuilder withFilterCipherSuites(boolean filter)
{
this.filterCipherSuites = filter;
return this;
}
public ESTService build()
{
if (bindingProvider == null)
{
bindingProvider = new ChannelBindingProvider()
{
public boolean canAccessChannelBinding(Socket sock)
{
return false;
}
public byte[] getChannelBinding(Socket sock, String binding)
{
return null;
}
};
}
if (socketFactoryCreator == null)
{
socketFactoryCreator = sslSocketFactoryCreatorBuilder.build();
}
if (clientProvider == null)
{
clientProvider = new DefaultESTHttpClientProvider(
hostNameAuthorizer,
socketFactoryCreator,
timeoutMillis,
bindingProvider,
supportedSuites,
absoluteLimit, filterCipherSuites);
}
return super.build();
}
}