com.vmware.vapi.protocol

Class HttpConfiguration.SslConfiguration.Builder

java.lang.Object

com.vmware.vapi.protocol.HttpConfiguration.SslConfiguration.Builder

Enclosing class:

HttpConfiguration.SslConfiguration

public static final class HttpConfiguration.SslConfiguration.Builder
extends java.lang.Object

Builder class for the HttpConfiguration.SslConfiguration.

Constructor Summary

Constructors

Constructor and Description
Builder()
Builder(java.security.KeyStore trustStore)

Method Summary

Modifier and Type	Method and Description
HttpConfiguration.SslConfiguration.Builder	disableCertificateValidation() Disables the validation of the server's certificate chain, thus making the client trust all the endpoints it is connecting to regardless of the certificate they provide.
HttpConfiguration.SslConfiguration.Builder	disableHostnameVerification() Disables the verification of the server's hostname, thus exposing the client to man-in-the-middle attacks.
HttpConfiguration.SslConfiguration	getConfig() Creates a configuration with all the settings set to this builder instance.
HttpConfiguration.SslConfiguration.Builder	setCrlCertStore(java.security.cert.CertStore crlCertStore) Sets the certificate revocation list CertStore that would be used for validating server certificates.
HttpConfiguration.SslConfiguration.Builder	setEnabledCipherSuites(java.lang.String[] enabledCipherSuites) Sets the cipher suites enabled for use by this configuration.
HttpConfiguration.SslConfiguration.Builder	setEnabledProtocols(java.lang.String[] enabledProtocols) Sets the protocol versions enabled for use by this configuration.
HttpConfiguration.SslConfiguration.Builder	setKeyStore(java.security.KeyStore keyStore) Sets the KeyStore which contains the certificates used to authenticate the client during an SSL handshake.
HttpConfiguration.SslConfiguration.Builder	setKeyStoreConfig(HttpConfiguration.KeyStoreConfig keyStoreConfig) Sets the configuration parameters for the KeyStore provided with setKeyStore(KeyStore).
HttpConfiguration.SslConfiguration.Builder	setTrustStore(java.security.KeyStore trustStore) Sets the KeyStore that contains certificates of trusted parties or Certificate Authorities trusted to identify other parties.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Builder

public Builder()

Builder

public Builder(java.security.KeyStore trustStore)

Parameters:

trustStore - the keystore that contains certificates of trusted parties or Certificate Authorities trusted to identify other parties; may be null, in which case, the default JRE trust-store would be used

Method Detail

setTrustStore

public HttpConfiguration.SslConfiguration.Builder setTrustStore(java.security.KeyStore trustStore)

Sets the KeyStore that contains certificates of trusted parties or Certificate Authorities trusted to identify other parties.

Default value is null which results in the default JRE trust-store being used.

Parameters:

trustStore - the keystore that contains trusted certificates; may be null, in which case, the default JRE trust-store would be used

Returns:

this instance

setKeyStore

public HttpConfiguration.SslConfiguration.Builder setKeyStore(java.security.KeyStore keyStore)

Sets the KeyStore which contains the certificates used to authenticate the client during an SSL handshake.

A HttpConfiguration.KeyStoreConfig object specifying the alias and password of the key should be provided through #setKeyStoreConfig(KeyStoreConfig) for this to work.

Default value is null which results in no client authentication provided when connecting to the server.

Parameters:

keyStore - the keystore that contains the client certificates; may be null.

Returns:

this instance

See Also:

#setKeyStoreConfig(KeyStoreConfig)

setKeyStoreConfig

public HttpConfiguration.SslConfiguration.Builder setKeyStoreConfig(HttpConfiguration.KeyStoreConfig keyStoreConfig)

Sets the configuration parameters for the KeyStore provided with setKeyStore(KeyStore).

Default value is null which results in no client authentication provided when connecting to the server.

Parameters:

keyStoreConfig - the configuration for client certificates.

Returns:

this instance

See Also:

setKeyStore(KeyStore)

setCrlCertStore

public HttpConfiguration.SslConfiguration.Builder setCrlCertStore(java.security.cert.CertStore crlCertStore)

Sets the certificate revocation list CertStore that would be used for validating server certificates.

Default value is null which results in no validation for the server certificates against CRLs.

Requires a custom trust-store to be set; otherwise an IllegalArgumentException would be thrown upon invoking getConfig() of this instance.

Parameters:

crlCertStore - the cert-store to be used for retrieving the CRLs; may be null.

Returns:

this instance

setEnabledProtocols

public HttpConfiguration.SslConfiguration.Builder setEnabledProtocols(java.lang.String[] enabledProtocols)

Sets the protocol versions enabled for use by this configuration.

The specified protocols must be among SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 ; otherwise, applying this configuration over an SSLSocket later would fail.

Defaults to TLSv1, TLSv1.1 and TLSv1.2.

Parameters:

enabledProtocols - Names of all the protocols to enable; must not be null or empty.

Returns:

this instance

setEnabledCipherSuites

public HttpConfiguration.SslConfiguration.Builder setEnabledCipherSuites(java.lang.String[] enabledCipherSuites)

Sets the cipher suites enabled for use by this configuration.

Default value is null which results in the default JRE cipher-suites being enabled.

Parameters:

enabledCipherSuites - Names of all the cipher suites to enable.

Returns:

this instance

See Also:

Default Enabled Cipher Suites in Java 8

disableHostnameVerification

public HttpConfiguration.SslConfiguration.Builder disableHostnameVerification()

Disables the verification of the server's hostname, thus exposing the client to man-in-the-middle attacks.

By default the verification is enabled, providing for proper SSL connectivity.

This option is provided to ease the process of initial evaluation of the SDK or say to prepare code examples that are easier to set-up. It must not be employed in a production environment.

The runtime would log a warning upon each SSL-handshake when the verification is disabled.

Returns:

this instance

See Also:

Section 3.1 of RFC 2818

disableCertificateValidation

public HttpConfiguration.SslConfiguration.Builder disableCertificateValidation()

Disables the validation of the server's certificate chain, thus making the client trust all the endpoints it is connecting to regardless of the certificate they provide.

By default the validation is enabled, allowing connections only to trusted servers.

This option is provided to ease the process of initial evaluation of the SDK or say to prepare code examples that are easier to set-up. It must not be employed in a production environment.

The runtime would log a warning upon each SSL-handshake when the validation is disabled.

With the certificate validation disabled, if the trust-store is set to a value other than null, an IllegalArgumentException would be thrown upon invoking getConfig() of this instance.

Returns:

this instance

getConfig

public HttpConfiguration.SslConfiguration getConfig()

Creates a configuration with all the settings set to this builder instance.

Returns:

immutable HttpConfiguration.SslConfiguration