de.hybris.platform.ldap.connection.ssl

Class JNDISocketFactory

java.lang.Object

javax.net.SocketFactory

javax.net.ssl.SSLSocketFactory

de.hybris.platform.ldap.connection.ssl.JNDISocketFactory

public class JNDISocketFactory
extends SSLSocketFactory

Socket factory for SSL jndi links that returns an SSL socket. It incorporates a keystore, which must contain the certs used to authenticate the client.

Constructor Summary

Constructors

Constructor and Description
JNDISocketFactory()

Method Summary

Modifier and Type	Method and Description
Socket	createSocket()
Socket	createSocket(InetAddress host, int port) Return an SSLSocket (upcast to Socket) given host and port.
Socket	createSocket(InetAddress host, int port, InetAddress client_host, int client_port) Return an SSLSocket (upcast to Socket) given host and port.
Socket	createSocket(Socket socket, String host, int port, boolean autoclose) Return an SSLSocket layered on top of the given Socket.
Socket	createSocket(String host, int port) Return an SSLSocket (upcast to Socket) given host and port.
Socket	createSocket(String host, int port, InetAddress client_host, int client_port) Return an SSLSocket (upcast to Socket) given host and port.
static KeyStore	getClientKeyStore()
static SocketFactory	getDefault() Return an instance of this class.
String[]	getDefaultCipherSuites() Return default cipher suites.
String[]	getSupportedCipherSuites() Return supported cipher suites.
static void	init(String caKeystoreFile, String clientKeystoreFile, char[] caPassphrase, char[] clientPassphrase, String caKeystoreType, String clientKeystoreType) Initialize the socket factory with a particular key store(s) and security provider.
static void	setClassLoader(ClassLoader newLoader) Register a custom class loader to be used by the class when getting security providers.
static void	setDebugOn() Enable debugging...

Methods inherited from class javax.net.ssl.SSLSocketFactory

createSocket

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JNDISocketFactory

public JNDISocketFactory()

Method Detail

setClassLoader

public static void setClassLoader(ClassLoader newLoader)

Register a custom class loader to be used by the class when getting security providers.

setDebugOn

public static void setDebugOn()

Enable debugging...

init

public static void init(String caKeystoreFile,
                        String clientKeystoreFile,
                        char[] caPassphrase,
                        char[] clientPassphrase,
                        String caKeystoreType,
                        String clientKeystoreType)
                 throws NamingException

Initialize the socket factory with a particular key store(s) and security provider. The minimum requirement is for a keystore containing trusted directory servers (the 'castore', or trusted certificate authority store, since the servers are usually signed by a common CA, whose cert would be held in this file).

Further options include a private key store (the 'clientstore') that allows for client-authenticated ssl and SASL).

Finally, it is possible to configure a non-standard keystore type and security provider. The keystore type defaults to Sun's JKS (at time of writting, the only keystore type that the default Sun security provider will handle).

Nb. - it is possible to set a custom class loader (using 'registerClassLoader()' ) in which case this loader can be used to load the security provider.

Parameters:

caKeystoreFile - A keystore file name of public certificates (trusted CA signs)

clientKeystoreFile - A keystore file name of the client's certificates, containing private keys. (may be null if only simple, 'server authenticated' ssl is being used).

caPassphrase - A password for the caKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used, and keystore type is 'JKS'). Calling Program must manually clear passphrase after init() call.

clientPassphrase - A password for the clientKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used). Calling Program must manually clear passphrase after init() call.

caKeystoreType - The type of cakeystore file. (null => 'JKS')

clientKeystoreType - The type of clientkeystore file. (null => 'JKS')

Throws:

NamingException

getDefault

public static SocketFactory getDefault()

Return an instance of this class.

Returns:

An instance of JNDISocketFactory.

getClientKeyStore

public static KeyStore getClientKeyStore()

createSocket

public Socket createSocket()
                    throws IOException,
                           UnknownHostException

Overrides:

createSocket in class SocketFactory

Throws:

IOException

UnknownHostException

createSocket

public Socket createSocket(String host,
                           int port)
                    throws IOException,
                           UnknownHostException

Return an SSLSocket (upcast to Socket) given host and port.

Specified by:

createSocket in class SocketFactory

Parameters:

host - Name of the host to which the socket will be opened.

port - Port to connect to.

Returns:

An SSLSocket instance (as a Socket).

Throws:

IOException - If the connection can't be established.

UnknownHostException - If the host is not known.

createSocket

public Socket createSocket(InetAddress host,
                           int port)
                    throws IOException,
                           UnknownHostException

Return an SSLSocket (upcast to Socket) given host and port.

Specified by:

createSocket in class SocketFactory

Parameters:

host - Address of the server host.

port - Port to connect to.

Returns:

An SSLSocket instance (as a Socket).

Throws:

IOException - If the connection can't be established.

UnknownHostException - If the host is not known.

createSocket

public Socket createSocket(InetAddress host,
                           int port,
                           InetAddress client_host,
                           int client_port)
                    throws IOException,
                           UnknownHostException

Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.

Specified by:

createSocket in class SocketFactory

Parameters:

host - Address of the server host.

port - Port to connect to.

client_host - Address of this (client) host.

client_port - Port to connect from.

Returns:

An SSLSocket instance (as a Socket).

Throws:

IOException - If the connection can't be established.

UnknownHostException - If the host is not known.

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress client_host,
                           int client_port)
                    throws IOException,
                           UnknownHostException

Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.

Specified by:

createSocket in class SocketFactory

Parameters:

host - Address of the server host.

port - Port to connect to.

client_host - Address of this (client) host.

client_port - Port to connect from.

Returns:

An SSLSocket instance (as a Socket).

Throws:

IOException - If the connection can't be established.

UnknownHostException - If the host is not known.

createSocket

public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoclose)
                    throws IOException,
                           UnknownHostException

Return an SSLSocket layered on top of the given Socket.

Specified by:

createSocket in class SSLSocketFactory

Throws:

IOException

UnknownHostException

getDefaultCipherSuites

public String[] getDefaultCipherSuites()

Return default cipher suites.

Specified by:

getDefaultCipherSuites in class SSLSocketFactory

getSupportedCipherSuites

public String[] getSupportedCipherSuites()

Return supported cipher suites.

Specified by:

getSupportedCipherSuites in class SSLSocketFactory