Package org.wildfly.security.ssl
Class SSLUtils
- java.lang.Object
-
- org.wildfly.security.ssl.SSLUtils
-
public final class SSLUtils extends Object
SSL factories and utilities.- Author:
- David M. Lloyd
-
-
Field Summary
Fields Modifier and Type Field Description static String
SSL_SESSION_IDENTITY_KEY
The key used to store the authenticatedSecurityIdentity
onto theSSLSession
.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static <R> R
computeIfAbsent(SSLSession sslSession, String key, Function<String,R> mappingFunction)
Get or compute the value for the given key, storing the computed value (if one is generated).static SSLContext
createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator)
Create a configured SSL context from an outside SSL context.static SSLContext
createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator, boolean wrap)
Create a configured SSL context from an outside SSL context.static SecurityFactory<SSLContext>
createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory, SSLConfigurator sslConfigurator)
Create a configured SSL context factory from an outside SSL context.static SecurityFactory<SSLEngine>
createDispatchingSSLEngineFactory(SSLContextSelector selector)
Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information in the SSL greeting.static SNIMatcher
createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate)
Create anSNIMatcher
which matches SNI host names that satisfy the given predicate.static SNIMatcher
createHostNameStringPredicateSNIMatcher(Predicate<String> predicate)
Create anSNIMatcher
which matches SNI host name strings that satisfy the given predicate.static SNIMatcher
createHostNameStringSNIMatcher(String string)
Create anSNIMatcher
which matches SNI host names that are equal to the given (ASCII) string.static SNIMatcher
createHostNameSuffixSNIMatcher(String suffix)
Create anSNIMatcher
which matches SNI host name strings which end with the given suffix.static SSLEngine
createSelectingSSLEngine(SSLContextSelector selector)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.static SSLEngine
createSelectingSSLEngine(SSLContextSelector selector, String host, int port)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.static SecurityFactory<SSLContext>
createSimpleSslContextFactory(String protocol, Provider provider)
Create a simple security factory for SSL contexts.static SecurityFactory<SSLContext>
createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier)
Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector.static SecurityFactory<SSLContext>
createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier, String providerName)
Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector.static SecurityFactory<X509TrustManager>
getDefaultX509TrustManagerSecurityFactory()
Get the platform's default X.509 trust manager security factory.static Object
getOrDefault(SSLSession sslSession, String key, Object defaultValue)
Get the value of the given key from the SSL session, or a default value if the key is not set.static Object
putSessionValueIfAbsent(SSLSession sslSession, String key, Object newValue)
Put a value on the session if the value is not yet set.static Object
removeSessionValue(SSLSession sslSession, String key)
Remove and return a value on the session.static boolean
removeSessionValue(SSLSession sslSession, String key, Object value)
Remove the given key-value pair on the session.static Object
replaceSessionValue(SSLSession sslSession, String key, Object newValue)
Replace the given key's value with a new value.static boolean
replaceSessionValue(SSLSession sslSession, String key, Object oldValue, Object newValue)
Replace the given key's value with a new value if (and only if) it is mapped to the given existing value.
-
-
-
Field Detail
-
SSL_SESSION_IDENTITY_KEY
public static final String SSL_SESSION_IDENTITY_KEY
The key used to store the authenticatedSecurityIdentity
onto theSSLSession
.- See Also:
- Constant Field Values
-
-
Method Detail
-
createSslContextFactory
public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier)
Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which- Parameters:
protocolSelector
- the protocol selectorproviderSupplier
- the provider supplier- Returns:
- the SSL context factory
-
createSslContextFactory
public static SecurityFactory<SSLContext> createSslContextFactory(ProtocolSelector protocolSelector, Supplier<Provider[]> providerSupplier, String providerName)
Create an SSL context factory which locates the best context by searching the preferred providers in order using the rules established in the given protocol selector. If there are no matches, a factory is returned which- Parameters:
protocolSelector
- the protocol selectorproviderSupplier
- the provider supplierproviderName
- the provider name to select, ornull
to allow any- Returns:
- the SSL context factory
-
createSimpleSslContextFactory
public static SecurityFactory<SSLContext> createSimpleSslContextFactory(String protocol, Provider provider)
Create a simple security factory for SSL contexts.- Parameters:
protocol
- the protocol nameprovider
- the provider to use- Returns:
- the SSL context factory
-
createConfiguredSslContext
public static SSLContext createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator)
Create a configured SSL context from an outside SSL context.- Parameters:
original
- the original SSL contextsslConfigurator
- the SSL configurator- Returns:
- the configured SSL context
-
createConfiguredSslContext
public static SSLContext createConfiguredSslContext(SSLContext original, SSLConfigurator sslConfigurator, boolean wrap)
Create a configured SSL context from an outside SSL context.- Parameters:
original
- the original SSL contextsslConfigurator
- the SSL configuratorwrap
- should the resulting SSLEngine, SSLSocket, and SSLServerSocket instances be wrapped using the configurator.- Returns:
- the configured SSL context
-
createConfiguredSslContextFactory
public static SecurityFactory<SSLContext> createConfiguredSslContextFactory(SecurityFactory<SSLContext> originalFactory, SSLConfigurator sslConfigurator)
Create a configured SSL context factory from an outside SSL context. The returned factory will create new instances for every call, so it might be necessary to wrap with aOneTimeSecurityFactory
instance.- Parameters:
originalFactory
- the original SSL context factorysslConfigurator
- the SSL configurator- Returns:
- the configured SSL context
-
getDefaultX509TrustManagerSecurityFactory
public static SecurityFactory<X509TrustManager> getDefaultX509TrustManagerSecurityFactory()
Get the platform's default X.509 trust manager security factory. The factory caches the instance.- Returns:
- the security factory for the default trust manager
-
createSelectingSSLEngine
public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.- Parameters:
selector
- the context selector to use (cannot benull
)- Returns:
- the SSL engine (not
null
)
-
createSelectingSSLEngine
public static SSLEngine createSelectingSSLEngine(SSLContextSelector selector, String host, int port)
Get a server SSL engine which dispatches to the appropriate SSL context based on the information in the SSL greeting.- Parameters:
selector
- the context selector to use (cannot benull
)host
- the advisory host nameport
- the advisory port number- Returns:
- the SSL engine (not
null
)
-
createHostNamePredicateSNIMatcher
public static SNIMatcher createHostNamePredicateSNIMatcher(Predicate<SNIHostName> predicate)
Create anSNIMatcher
which matches SNI host names that satisfy the given predicate.- Parameters:
predicate
- the predicate (must not benull
)- Returns:
- the SNI matcher (not
null
)
-
createHostNameStringPredicateSNIMatcher
public static SNIMatcher createHostNameStringPredicateSNIMatcher(Predicate<String> predicate)
Create anSNIMatcher
which matches SNI host name strings that satisfy the given predicate.- Parameters:
predicate
- the predicate (must not benull
)- Returns:
- the SNI matcher (not
null
) - See Also:
IDN
-
createHostNameStringSNIMatcher
public static SNIMatcher createHostNameStringSNIMatcher(String string)
Create anSNIMatcher
which matches SNI host names that are equal to the given (ASCII) string.- Parameters:
string
- the host name string (must not benull
)- Returns:
- the SNI matcher (not
null
) - See Also:
IDN
-
createHostNameSuffixSNIMatcher
public static SNIMatcher createHostNameSuffixSNIMatcher(String suffix)
Create anSNIMatcher
which matches SNI host name strings which end with the given suffix.- Parameters:
suffix
- the suffix to match (must not benull
or empty)- Returns:
- the SNI matcher (not
null
)
-
createDispatchingSSLEngineFactory
public static SecurityFactory<SSLEngine> createDispatchingSSLEngineFactory(SSLContextSelector selector)
Get a factory which produces SSL engines which dispatch to the appropriate SSL context based on the information in the SSL greeting.- Parameters:
selector
- the context selector to use (cannot benull
)- Returns:
- the SSL engine factory (not
null
)
-
getOrDefault
public static Object getOrDefault(SSLSession sslSession, String key, Object defaultValue)
Get the value of the given key from the SSL session, or a default value if the key is not set.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)defaultValue
- the value to return if the key is not present- Returns:
- the session value or the default value
-
putSessionValueIfAbsent
public static Object putSessionValueIfAbsent(SSLSession sslSession, String key, Object newValue)
Put a value on the session if the value is not yet set. This method is atomic with respect to other methods on this class.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)newValue
- the value to set (must not benull
)- Returns:
- the existing value, or
null
if the value was successfully set
-
removeSessionValue
public static Object removeSessionValue(SSLSession sslSession, String key)
Remove and return a value on the session. This method is atomic with respect to other methods on this class.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)- Returns:
- the existing value, or
null
if no such value was set
-
removeSessionValue
public static boolean removeSessionValue(SSLSession sslSession, String key, Object value)
Remove the given key-value pair on the session. This method is atomic with respect to other methods on this class.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to remove (must not benull
)value
- the value to remove (must not benull
)- Returns:
true
if the key/value pair was removed,false
if the key was not present or the value was not equal to the given value
-
replaceSessionValue
public static Object replaceSessionValue(SSLSession sslSession, String key, Object newValue)
Replace the given key's value with a new value. If there is no value for the given key, no action is performed. This method is atomic with respect to other methods on this class.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)newValue
- the value to set (must not benull
)- Returns:
- the existing value, or
null
if the value was not set
-
replaceSessionValue
public static boolean replaceSessionValue(SSLSession sslSession, String key, Object oldValue, Object newValue)
Replace the given key's value with a new value if (and only if) it is mapped to the given existing value. This method is atomic with respect to other methods on this class.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)oldValue
- the value to match (must not benull
)newValue
- the value to set (must not benull
)- Returns:
true
if the value was matched and replaced, orfalse
if the value did not match and no action was taken
-
computeIfAbsent
public static <R> R computeIfAbsent(SSLSession sslSession, String key, Function<String,R> mappingFunction)
Get or compute the value for the given key, storing the computed value (if one is generated). The function must not generate anull
value or an unspecified exception will result.- Parameters:
sslSession
- the SSL session (must not benull
)key
- the key to retrieve (must not benull
)mappingFunction
- the function to apply to acquire the value (must not benull
)- Returns:
- the stored or new value (not
null
)
-
-