org.wildfly.security.ssl

Class SSLUtils

java.lang.Object

org.wildfly.security.ssl.SSLUtils

public final class SSLUtils
extends Object

SSL factories and utilities.

Author:

David M. Lloyd

Field Summary

Fields

Modifier and Type	Field and Description
static String	SSL_SESSION_IDENTITY_KEY The key used to store the authenticated SecurityIdentity onto the SSLSession.

Method Summary

Modifier and Type	Method and Description
static <R> R	computeIfAbsent(SSLSession sslSession, String key, Function<String,R> mappingFunction) Get or compute the value for the given key, storing the computed value (if one is generated).
static SSLContext	createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator) Create a configured SSL context from an outside SSL context.
static SSLContext	createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator, boolean wrap) Create a configured SSL context from an outside SSL context.
static SecurityFactory<SSLContext>	createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory, SSLConfigurator sslConfigurator) Create a configured SSL context factory from an outside SSL context.
static SecurityFactory<SSLEngine>	createDispatchingSSLEngineFactory(SSLContextSelector selector) Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information in the SSL greeting.
static SNIMatcher	createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate) Create an SNIMatcher which matches SNI host names that satisfy the given predicate.
static SNIMatcher	createHostNameStringPredicateSNIMatcher(Predicate<String> predicate) Create an SNIMatcher which matches SNI host name strings that satisfy the given predicate.
static SNIMatcher	createHostNameStringSNIMatcher(String string) Create an SNIMatcher which matches SNI host names that are equal to the given (ASCII) string.
static SNIMatcher	createHostNameSuffixSNIMatcher(String suffix) Create an SNIMatcher which matches SNI host name strings which end with the given suffix.
static SSLEngine	createSelectingSSLEngine(SSLContextSelector selector) Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.
static SSLEngine	createSelectingSSLEngine(SSLContextSelector selector, String host, int port) Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.
static SecurityFactory<SSLContext>	createSimpleSslContextFactory(String protocol, Provider provider) Create a simple security factory for SSL contexts.
static SecurityFactory<SSLContext>	createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier) Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector.
static SecurityFactory<SSLContext>	createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier, String providerName) Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector.
static SecurityFactory<X509TrustManager>	getDefaultX509TrustManagerSecurityFactory() Get the platform's default X.509 trust manager security factory.
static Object	getOrDefault(SSLSession sslSession, String key, Object defaultValue) Get the value of the given key from the SSL session, or a default value if the key is not set.
static Object	putSessionValueIfAbsent(SSLSession sslSession, String key, Object newValue) Put a value on the session if the value is not yet set.
static Object	removeSessionValue(SSLSession sslSession, String key) Remove and return a value on the session.
static boolean	removeSessionValue(SSLSession sslSession, String key, Object value) Remove the given key-value pair on the session.
static Object	replaceSessionValue(SSLSession sslSession, String key, Object newValue) Replace the given key's value with a new value.
static boolean	replaceSessionValue(SSLSession sslSession, String key, Object oldValue, Object newValue) Replace the given key's value with a new value if (and only if) it is mapped to the given existing value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SSL_SESSION_IDENTITY_KEY

public static final String SSL_SESSION_IDENTITY_KEY

The key used to store the authenticated SecurityIdentity onto the SSLSession.

See Also:

Constant Field Values

Method Detail

createSslContextFactory

public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector,
                                                                  Supplier<Provider[]> providerSupplier)

Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which

Parameters:

protocolSelector - the protocol selector

providerSupplier - the provider supplier

Returns:

the SSL context factory

createSslContextFactory

public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector,
                                                                  Supplier<Provider[]> providerSupplier,
                                                                  String providerName)

Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which

Parameters:

protocolSelector - the protocol selector

providerSupplier - the provider supplier

providerName - the provider name to select, or null to allow any

Returns:

the SSL context factory

createSimpleSslContextFactory

public static SecurityFactory<SSLContext> createSimpleSslContextFactory(String protocol,
                                                                        Provider provider)

Create a simple security factory for SSL contexts.

Parameters:

protocol - the protocol name

provider - the provider to use

Returns:

the SSL context factory

createConfiguredSslContext

public static SSLContext createConfiguredSslContext(SSLContext original,
                                                    SSLConfigurator sslConfigurator)

Create a configured SSL context from an outside SSL context.

Parameters:

original - the original SSL context

sslConfigurator - the SSL configurator

Returns:

the configured SSL context

createConfiguredSslContext

public static SSLContext createConfiguredSslContext(SSLContext original,
                                                    SSLConfigurator sslConfigurator,
                                                    boolean wrap)

Create a configured SSL context from an outside SSL context.

Parameters:

original - the original SSL context

sslConfigurator - the SSL configurator

wrap - should the resulting SSLEngine, SSLSocket, and SSLServerSocket instances be wrapped using the configurator.

Returns:

the configured SSL context

createConfiguredSslContextFactory

public static SecurityFactory<SSLContext> createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory,
                                                                            SSLConfigurator sslConfigurator)

Create a configured SSL context factory from an outside SSL context. The returned factory will create new instances for every call, so it might be necessary to wrap with a OneTimeSecurityFactory instance.

Parameters:

originalFactory - the original SSL context factory

sslConfigurator - the SSL configurator

Returns:

the configured SSL context

getDefaultX509TrustManagerSecurityFactory

public static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory()

Get the platform's default X.509 trust manager security factory. The factory caches the instance.

Returns:

the security factory for the default trust manager

createSelectingSSLEngine

public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector)

Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.

Parameters:

selector - the context selector to use (cannot be null)

Returns:

the SSL engine (not null)

createSelectingSSLEngine

public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector,
                                                 String host,
                                                 int port)

Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.

Parameters:

selector - the context selector to use (cannot be null)

host - the advisory host name

port - the advisory port number

Returns:

the SSL engine (not null)

createHostNamePredicateSNIMatcher

public static SNIMatcher createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate)

Create an SNIMatcher which matches SNI host names that satisfy the given predicate.

Parameters:

predicate - the predicate (must not be null)

Returns:

the SNI matcher (not null)

createHostNameStringPredicateSNIMatcher

public static SNIMatcher createHostNameStringPredicateSNIMatcher(Predicate<String> predicate)

Create an SNIMatcher which matches SNI host name strings that satisfy the given predicate.

Parameters:

predicate - the predicate (must not be null)

Returns:

the SNI matcher (not null)

See Also:

IDN

createHostNameStringSNIMatcher

public static SNIMatcher createHostNameStringSNIMatcher(String string)

Create an SNIMatcher which matches SNI host names that are equal to the given (ASCII) string.

Parameters:

string - the host name string (must not be null)

Returns:

the SNI matcher (not null)

See Also:

IDN

createHostNameSuffixSNIMatcher

public static SNIMatcher createHostNameSuffixSNIMatcher(String suffix)

Create an SNIMatcher which matches SNI host name strings which end with the given suffix.

Parameters:

suffix - the suffix to match (must not be null or empty)

Returns:

the SNI matcher (not null)

createDispatchingSSLEngineFactory

public static SecurityFactory<SSLEngine> createDispatchingSSLEngineFactory(SSLContextSelector selector)

Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information in the SSL greeting.

Parameters:

selector - the context selector to use (cannot be null)

Returns:

the SSL engine factory (not null)

getOrDefault

public static Object getOrDefault(SSLSession sslSession,
                                  String key,
                                  Object defaultValue)

Get the value of the given key from the SSL session, or a default value if the key is not set.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

defaultValue - the value to return if the key is not present

Returns:

the session value or the default value

putSessionValueIfAbsent

public static Object putSessionValueIfAbsent(SSLSession sslSession,
                                             String key,
                                             Object newValue)

Put a value on the session if the value is not yet set. This method is atomic with respect to other methods on this class.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

newValue - the value to set (must not be null)

Returns:

the existing value, or null if the value was successfully set

removeSessionValue

public static Object removeSessionValue(SSLSession sslSession,
                                        String key)

Remove and return a value on the session. This method is atomic with respect to other methods on this class.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

Returns:

the existing value, or null if no such value was set

removeSessionValue

public static boolean removeSessionValue(SSLSession sslSession,
                                         String key,
                                         Object value)

Remove the given key-value pair on the session. This method is atomic with respect to other methods on this class.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to remove (must not be null)

value - the value to remove (must not be null)

Returns:

true if the key/value pair was removed, false if the key was not present or the value was not equal to the given value

replaceSessionValue

public static Object replaceSessionValue(SSLSession sslSession,
                                         String key,
                                         Object newValue)

Replace the given key's value with a new value. If there is no value for the given key, no action is performed. This method is atomic with respect to other methods on this class.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

newValue - the value to set (must not be null)

Returns:

the existing value, or null if the value was not set

replaceSessionValue

public static boolean replaceSessionValue(SSLSession sslSession,
                                          String key,
                                          Object oldValue,
                                          Object newValue)

Replace the given key's value with a new value if (and only if) it is mapped to the given existing value. This method is atomic with respect to other methods on this class.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

oldValue - the value to match (must not be null)

newValue - the value to set (must not be null)

Returns:

true if the value was matched and replaced, or false if the value did not match and no action was taken

computeIfAbsent

public static <R> R computeIfAbsent(SSLSession sslSession,
                                    String key,
                                    Function<String,R> mappingFunction)

Get or compute the value for the given key, storing the computed value (if one is generated). The function must not generate a null value or an unspecified exception will result.

Parameters:

sslSession - the SSL session (must not be null)

key - the key to retrieve (must not be null)

mappingFunction - the function to apply to acquire the value (must not be null)

Returns:

the stored or new value (not null)