Package de.hybris.platform.ldap.connection.ssl

Class JNDISocketFactory

  • public class JNDISocketFactory
extends javax.net.ssl.SSLSocketFactory

    Socket factory for SSL jndi links that returns an SSL socket. It incorporates a keystore, which must contain the certs used to authenticate the client.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.net.Socket createSocket()  
      java.net.Socket createSocket​(java.lang.String host, int port)
      Return an SSLSocket (upcast to Socket) given host and port.
      java.net.Socket createSocket​(java.lang.String host, int port, java.net.InetAddress client_host, int client_port)
      Return an SSLSocket (upcast to Socket) given host and port.
      java.net.Socket createSocket​(java.net.InetAddress host, int port)
      Return an SSLSocket (upcast to Socket) given host and port.
      java.net.Socket createSocket​(java.net.InetAddress host, int port, java.net.InetAddress client_host, int client_port)
      Return an SSLSocket (upcast to Socket) given host and port.
      java.net.Socket createSocket​(java.net.Socket socket, java.lang.String host, int port, boolean autoclose)
      Return an SSLSocket layered on top of the given Socket.
      static java.security.KeyStore getClientKeyStore()  
      static javax.net.SocketFactory getDefault()
      Return an instance of this class.
      java.lang.String[] getDefaultCipherSuites()
      Return default cipher suites.
      java.lang.String[] getSupportedCipherSuites()
      Return supported cipher suites.
      static void init​(java.lang.String caKeystoreFile, java.lang.String clientKeystoreFile, char[] caPassphrase, char[] clientPassphrase, java.lang.String caKeystoreType, java.lang.String clientKeystoreType)
      Initialize the socket factory with a particular key store(s) and security provider.
      static void setClassLoader​(java.lang.ClassLoader newLoader)
      Register a custom class loader to be used by the class when getting security providers.
      static void setDebugOn()
      Enable debugging...

      • Methods inherited from class javax.net.ssl.SSLSocketFactory

        createSocket

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • JNDISocketFactory

        public JNDISocketFactory()

    • Method Detail

      • setClassLoader

        public static void setClassLoader​(java.lang.ClassLoader newLoader)
        Register a custom class loader to be used by the class when getting security providers.

      • setDebugOn

        public static void setDebugOn()
        Enable debugging...

      • init

        public static void init​(java.lang.String caKeystoreFile,
                        java.lang.String clientKeystoreFile,
                        char[] caPassphrase,
                        char[] clientPassphrase,
                        java.lang.String caKeystoreType,
                        java.lang.String clientKeystoreType)
                 throws javax.naming.NamingException

        Initialize the socket factory with a particular key store(s) and security provider. The minimum requirement is for a keystore containing trusted directory servers (the 'castore', or trusted certificate authority store, since the servers are usually signed by a common CA, whose cert would be held in this file).

        Further options include a private key store (the 'clientstore') that allows for client-authenticated ssl and SASL).

        Finally, it is possible to configure a non-standard keystore type and security provider. The keystore type defaults to Sun's JKS (at time of writting, the only keystore type that the default Sun security provider will handle).

        Nb. - it is possible to set a custom class loader (using 'registerClassLoader()' ) in which case this loader can be used to load the security provider.

        Parameters:
        caKeystoreFile - A keystore file name of public certificates (trusted CA signs)
        clientKeystoreFile - A keystore file name of the client's certificates, containing private keys. (may be null if only simple, 'server authenticated' ssl is being used).
        caPassphrase - A password for the caKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used, and keystore type is 'JKS'). Calling Program must manually clear passphrase after init() call.
        clientPassphrase - A password for the clientKeystoreFile certificate. (may be null if only simple, 'server authenticated' ssl is being used). Calling Program must manually clear passphrase after init() call.
        caKeystoreType - The type of cakeystore file. (null => 'JKS')
        clientKeystoreType - The type of clientkeystore file. (null => 'JKS')
        Throws:
        javax.naming.NamingException

      • getDefault

        public static javax.net.SocketFactory getDefault()
        Return an instance of this class.
        Returns:
        An instance of JNDISocketFactory.

      • getClientKeyStore

        public static java.security.KeyStore getClientKeyStore()

      • createSocket

        public java.net.Socket createSocket()
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Overrides:
        createSocket in class javax.net.SocketFactory
        Throws:
        java.io.IOException
        java.net.UnknownHostException

      • createSocket

        public java.net.Socket createSocket​(java.lang.String host,
                                    int port)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Return an SSLSocket (upcast to Socket) given host and port.
        Specified by:
        createSocket in class javax.net.SocketFactory
        Parameters:
        host - Name of the host to which the socket will be opened.
        port - Port to connect to.
        Returns:
        An SSLSocket instance (as a Socket).
        Throws:
        java.io.IOException - If the connection can't be established.
        java.net.UnknownHostException - If the host is not known.

      • createSocket

        public java.net.Socket createSocket​(java.net.InetAddress host,
                                    int port)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Return an SSLSocket (upcast to Socket) given host and port.
        Specified by:
        createSocket in class javax.net.SocketFactory
        Parameters:
        host - Address of the server host.
        port - Port to connect to.
        Returns:
        An SSLSocket instance (as a Socket).
        Throws:
        java.io.IOException - If the connection can't be established.
        java.net.UnknownHostException - If the host is not known.

      • createSocket

        public java.net.Socket createSocket​(java.net.InetAddress host,
                                    int port,
                                    java.net.InetAddress client_host,
                                    int client_port)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.
        Specified by:
        createSocket in class javax.net.SocketFactory
        Parameters:
        host - Address of the server host.
        port - Port to connect to.
        client_host - Address of this (client) host.
        client_port - Port to connect from.
        Returns:
        An SSLSocket instance (as a Socket).
        Throws:
        java.io.IOException - If the connection can't be established.
        java.net.UnknownHostException - If the host is not known.

      • createSocket

        public java.net.Socket createSocket​(java.lang.String host,
                                    int port,
                                    java.net.InetAddress client_host,
                                    int client_port)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Return an SSLSocket (upcast to Socket) given host and port. The client is bound to the specified network address and port.
        Specified by:
        createSocket in class javax.net.SocketFactory
        Parameters:
        host - Address of the server host.
        port - Port to connect to.
        client_host - Address of this (client) host.
        client_port - Port to connect from.
        Returns:
        An SSLSocket instance (as a Socket).
        Throws:
        java.io.IOException - If the connection can't be established.
        java.net.UnknownHostException - If the host is not known.

      • createSocket

        public java.net.Socket createSocket​(java.net.Socket socket,
                                    java.lang.String host,
                                    int port,
                                    boolean autoclose)
                             throws java.io.IOException,
                                    java.net.UnknownHostException
        Return an SSLSocket layered on top of the given Socket.
        Specified by:
        createSocket in class javax.net.ssl.SSLSocketFactory
        Throws:
        java.io.IOException
        java.net.UnknownHostException

      • getDefaultCipherSuites

        public java.lang.String[] getDefaultCipherSuites()
        Return default cipher suites.
        Specified by:
        getDefaultCipherSuites in class javax.net.ssl.SSLSocketFactory

      • getSupportedCipherSuites

        public java.lang.String[] getSupportedCipherSuites()
        Return supported cipher suites.
        Specified by:
        getSupportedCipherSuites in class javax.net.ssl.SSLSocketFactory