Package org.wildfly.security.ssl

Class SSLUtils

    • Method Detail

      • createSslContextFactory

        public static SecurityFactory<SSLContext> createSslContextFactory​(ProtocolSelector protocolSelector,
                                                                  Supplier<Provider[]> providerSupplier)
        Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which
        Parameters:
        protocolSelector - the protocol selector
        providerSupplier - the provider supplier
        Returns:
        the SSL context factory

      • createSslContextFactory

        public static SecurityFactory<SSLContext> createSslContextFactory​(ProtocolSelector protocolSelector,
                                                                  Supplier<Provider[]> providerSupplier,
                                                                  String providerName)
        Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which
        Parameters:
        protocolSelector - the protocol selector
        providerSupplier - the provider supplier
        providerName - the provider name to select, or null to allow any
        Returns:
        the SSL context factory

      • createSimpleSslContextFactory

        public static SecurityFactory<SSLContext> createSimpleSslContextFactory​(String protocol,
                                                                        Provider provider)
        Create a simple security factory for SSL contexts.
        Parameters:
        protocol - the protocol name
        provider - the provider to use
        Returns:
        the SSL context factory

      • createConfiguredSslContext

        public static SSLContext createConfiguredSslContext​(SSLContext original,
                                                    SSLConfigurator sslConfigurator)
        Create a configured SSL context from an outside SSL context.
        Parameters:
        original - the original SSL context
        sslConfigurator - the SSL configurator
        Returns:
        the configured SSL context

      • createConfiguredSslContext

        public static SSLContext createConfiguredSslContext​(SSLContext original,
                                                    SSLConfigurator sslConfigurator,
                                                    boolean wrap)
        Create a configured SSL context from an outside SSL context.
        Parameters:
        original - the original SSL context
        sslConfigurator - the SSL configurator
        wrap - should the resulting SSLEngine, SSLSocket, and SSLServerSocket instances be wrapped using the configurator.
        Returns:
        the configured SSL context

      • createConfiguredSslContextFactory

        public static SecurityFactory<SSLContext> createConfiguredSslContextFactory​(SecurityFactory<SSLContext> originalFactory,
                                                                            SSLConfigurator sslConfigurator)
        Create a configured SSL context factory from an outside SSL context. The returned factory will create new instances for every call, so it might be necessary to wrap with a OneTimeSecurityFactory instance.
        Parameters:
        originalFactory - the original SSL context factory
        sslConfigurator - the SSL configurator
        Returns:
        the configured SSL context

      • getDefaultX509TrustManagerSecurityFactory

        public static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory()
        Get the platform's default X.509 trust manager security factory. The factory caches the instance.
        Returns:
        the security factory for the default trust manager

      • createSelectingSSLEngine

        public static SSLEngine createSelectingSSLEngine​(SSLContextSelector selector)
        Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.
        Parameters:
        selector - the context selector to use (cannot be null)
        Returns:
        the SSL engine (not null)

      • createSelectingSSLEngine

        public static SSLEngine createSelectingSSLEngine​(SSLContextSelector selector,
                                                 String host,
                                                 int port)
        Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.
        Parameters:
        selector - the context selector to use (cannot be null)
        host - the advisory host name
        port - the advisory port number
        Returns:
        the SSL engine (not null)

      • createHostNamePredicateSNIMatcher

        public static SNIMatcher createHostNamePredicateSNIMatcher​(Predicate<SNIHostName> predicate)
        Create an SNIMatcher which matches SNI host names that satisfy the given predicate.
        Parameters:
        predicate - the predicate (must not be null)
        Returns:
        the SNI matcher (not null)

      • createHostNameStringPredicateSNIMatcher

        public static SNIMatcher createHostNameStringPredicateSNIMatcher​(Predicate<String> predicate)
        Create an SNIMatcher which matches SNI host name strings that satisfy the given predicate.
        Parameters:
        predicate - the predicate (must not be null)
        Returns:
        the SNI matcher (not null)
        See Also:
        IDN

      • createHostNameStringSNIMatcher

        public static SNIMatcher createHostNameStringSNIMatcher​(String string)
        Create an SNIMatcher which matches SNI host names that are equal to the given (ASCII) string.
        Parameters:
        string - the host name string (must not be null)
        Returns:
        the SNI matcher (not null)
        See Also:
        IDN

      • createHostNameSuffixSNIMatcher

        public static SNIMatcher createHostNameSuffixSNIMatcher​(String suffix)
        Create an SNIMatcher which matches SNI host name strings which end with the given suffix.
        Parameters:
        suffix - the suffix to match (must not be null or empty)
        Returns:
        the SNI matcher (not null)

      • createDispatchingSSLEngineFactory

        public static SecurityFactory<SSLEngine> createDispatchingSSLEngineFactory​(SSLContextSelector selector)
        Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information in the SSL greeting.
        Parameters:
        selector - the context selector to use (cannot be null)
        Returns:
        the SSL engine factory (not null)

      • getOrDefault

        public static Object getOrDefault​(SSLSession sslSession,
                                  String key,
                                  Object defaultValue)
        Get the value of the given key from the SSL session, or a default value if the key is not set.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        defaultValue - the value to return if the key is not present
        Returns:
        the session value or the default value

      • putSessionValueIfAbsent

        public static Object putSessionValueIfAbsent​(SSLSession sslSession,
                                             String key,
                                             Object newValue)
        Put a value on the session if the value is not yet set. This method is atomic with respect to other methods on this class.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        newValue - the value to set (must not be null)
        Returns:
        the existing value, or null if the value was successfully set

      • removeSessionValue

        public static Object removeSessionValue​(SSLSession sslSession,
                                        String key)
        Remove and return a value on the session. This method is atomic with respect to other methods on this class.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        Returns:
        the existing value, or null if no such value was set

      • removeSessionValue

        public static boolean removeSessionValue​(SSLSession sslSession,
                                         String key,
                                         Object value)
        Remove the given key-value pair on the session. This method is atomic with respect to other methods on this class.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to remove (must not be null)
        value - the value to remove (must not be null)
        Returns:
        true if the key/value pair was removed, false if the key was not present or the value was not equal to the given value

      • replaceSessionValue

        public static Object replaceSessionValue​(SSLSession sslSession,
                                         String key,
                                         Object newValue)
        Replace the given key's value with a new value. If there is no value for the given key, no action is performed. This method is atomic with respect to other methods on this class.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        newValue - the value to set (must not be null)
        Returns:
        the existing value, or null if the value was not set

      • replaceSessionValue

        public static boolean replaceSessionValue​(SSLSession sslSession,
                                          String key,
                                          Object oldValue,
                                          Object newValue)
        Replace the given key's value with a new value if (and only if) it is mapped to the given existing value. This method is atomic with respect to other methods on this class.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        oldValue - the value to match (must not be null)
        newValue - the value to set (must not be null)
        Returns:
        true if the value was matched and replaced, or false if the value did not match and no action was taken

      • computeIfAbsent

        public static <R> R computeIfAbsent​(SSLSession sslSession,
                                    String key,
                                    Function<String,​R> mappingFunction)
        Get or compute the value for the given key, storing the computed value (if one is generated). The function must not generate a null value or an unspecified exception will result.
        Parameters:
        sslSession - the SSL session (must not be null)
        key - the key to retrieve (must not be null)
        mappingFunction - the function to apply to acquire the value (must not be null)
        Returns:
        the stored or new value (not null)