public static final class HttpConfiguration.SslConfiguration.Builder
extends java.lang.Object
HttpConfiguration.SslConfiguration
.Constructor and Description |
---|
HttpConfiguration.SslConfiguration.Builder() |
HttpConfiguration.SslConfiguration.Builder(java.security.KeyStore trustStore) |
Modifier and Type | Method and Description |
---|---|
HttpConfiguration.SslConfiguration.Builder |
disableCertificateValidation()
Disables the validation of the server's certificate chain, thus
making the client trust all the endpoints it is connecting to
regardless of the certificate they provide.
|
HttpConfiguration.SslConfiguration.Builder |
disableHostnameVerification()
Disables the verification of the server's hostname, thus exposing
the client to man-in-the-middle attacks.
|
HttpConfiguration.SslConfiguration |
getConfig()
Creates a configuration with all the settings set to this builder
instance.
|
HttpConfiguration.SslConfiguration.Builder |
setCrlCertStore(java.security.cert.CertStore crlCertStore)
Sets the certificate revocation list
CertStore that would
be used for validating server certificates. |
HttpConfiguration.SslConfiguration.Builder |
setEnabledCipherSuites(java.lang.String[] enabledCipherSuites)
Sets the cipher suites enabled for use by this configuration.
|
HttpConfiguration.SslConfiguration.Builder |
setEnabledProtocols(java.lang.String[] enabledProtocols)
Sets the protocol versions enabled for use by this configuration.
|
HttpConfiguration.SslConfiguration.Builder |
setKeyStore(java.security.KeyStore keyStore)
Sets the
KeyStore which contains the certificates used to
authenticate the client during an SSL handshake. |
HttpConfiguration.SslConfiguration.Builder |
setKeyStoreConfig(HttpConfiguration.KeyStoreConfig keyStoreConfig)
Sets the configuration parameters for the
KeyStore
provided with setKeyStore(KeyStore) . |
HttpConfiguration.SslConfiguration.Builder |
setTrustStore(java.security.KeyStore trustStore)
Sets the
KeyStore that contains certificates of trusted
parties or Certificate Authorities trusted to identify other
parties. |
public HttpConfiguration.SslConfiguration.Builder()
public HttpConfiguration.SslConfiguration.Builder(java.security.KeyStore trustStore)
trustStore
- the keystore that contains certificates of
trusted parties or Certificate Authorities trusted to
identify other parties; may be null
, in which
case, the default JRE trust-store would be usedpublic HttpConfiguration.SslConfiguration.Builder setTrustStore(java.security.KeyStore trustStore)
KeyStore
that contains certificates of trusted
parties or Certificate Authorities trusted to identify other
parties.
Default value is null
which results in the default JRE
trust-store being used.
trustStore
- the keystore that contains trusted certificates;
may be null
, in which case, the default JRE
trust-store would be usedpublic HttpConfiguration.SslConfiguration.Builder setKeyStore(java.security.KeyStore keyStore)
KeyStore
which contains the certificates used to
authenticate the client during an SSL handshake.
A HttpConfiguration.KeyStoreConfig
object specifying the alias and
password of the key should be provided through
#setKeyStoreConfig(KeyStoreConfig)
for this to work.
Default value is null
which results in no client
authentication provided when connecting to the server.
keyStore
- the keystore that contains the client
certificates; may be null
.#setKeyStoreConfig(KeyStoreConfig)
public HttpConfiguration.SslConfiguration.Builder setKeyStoreConfig(HttpConfiguration.KeyStoreConfig keyStoreConfig)
KeyStore
provided with setKeyStore(KeyStore)
.
Default value is null
which results in no client
authentication provided when connecting to the server.
keyStoreConfig
- the configuration for client certificates.setKeyStore(KeyStore)
public HttpConfiguration.SslConfiguration.Builder setCrlCertStore(java.security.cert.CertStore crlCertStore)
CertStore
that would
be used for validating server certificates.
Default value is null
which results in no validation
for the server certificates against CRLs.
Requires a custom trust-store to be set; otherwise an
IllegalArgumentException
would be thrown upon invoking
getConfig()
of this instance.
crlCertStore
- the cert-store to be used for retrieving the
CRLs; may be null
.public HttpConfiguration.SslConfiguration.Builder setEnabledProtocols(java.lang.String[] enabledProtocols)
The specified protocols must be among SSLv2Hello
,
SSLv3
, TLSv1
, TLSv1.1
and TLSv1.2
; otherwise, applying this configuration over an
SSLSocket
later would fail.
Defaults to TLSv1
, TLSv1.1
and TLSv1.2
.
enabledProtocols
- Names of all the protocols to enable;
must not be null
or empty.public HttpConfiguration.SslConfiguration.Builder setEnabledCipherSuites(java.lang.String[] enabledCipherSuites)
Default value is null
which results in the default JRE
cipher-suites being enabled.
enabledCipherSuites
- Names of all the cipher suites to
enable.public HttpConfiguration.SslConfiguration.Builder disableHostnameVerification()
By default the verification is enabled, providing for proper SSL connectivity.
This option is provided to ease the process of initial evaluation of the SDK or say to prepare code examples that are easier to set-up. It must not be employed in a production environment.
The runtime would log a warning upon each SSL-handshake when the verification is disabled.
public HttpConfiguration.SslConfiguration.Builder disableCertificateValidation()
By default the validation is enabled, allowing connections only to trusted servers.
This option is provided to ease the process of initial evaluation of the SDK or say to prepare code examples that are easier to set-up. It must not be employed in a production environment.
The runtime would log a warning upon each SSL-handshake when the validation is disabled.
With the certificate validation disabled, if the trust-store
is set to a value other than null
, an
IllegalArgumentException
would be thrown upon invoking
getConfig()
of this instance.
public HttpConfiguration.SslConfiguration getConfig()
HttpConfiguration.SslConfiguration