Class SSLParams


  • public class SSLParams
    extends Object
    This class is a config holder for configuring SSL sockets. It comes with a set of defaults as defined below:
      TrustAlgorithm = SunX509
      keystore type = JKS
      truststore type = JKS
      protocol = TLS
      ssl3 Enabled = true
      tls Enabled = true
    It also picks up the values of keystore, keystore password, truststore and truststore password from system properties.
    Usage: This class can be used in any environment where one wants to pass in SSL defaults programmatically, as well as use a default set of configuration without setting values explicitly.
    Author:
    [email protected]
    • Constructor Detail

      • SSLParams

        public SSLParams​(File truststore,
                         String trustStorePwd,
                         String trustStoreType)
      • SSLParams

        public SSLParams()
    • Method Detail

      • getTrustStore

        public File getTrustStore()
      • getTrustStorePassword

        public String getTrustStorePassword()
      • getTrustStoreType

        public String getTrustStoreType()
      • getTrustAlgorithm

        public String getTrustAlgorithm()
      • setTrustAlgorithm

        public void setTrustAlgorithm​(String algorithm)
      • getEnabledCiphers

        public String[] getEnabledCiphers()
      • setEnabledCiphers

        public void setEnabledCiphers​(String[] enabledCiphers)
      • getEnabledProtocols

        public String[] getEnabledProtocols()
      • setEnabledProtocols

        public void setEnabledProtocols​(String[] enabledProtocols)
      • getProtocol

        public String getProtocol()
      • setProtocol

        public void setProtocol​(String protocol)
      • setTrustMaxCertLength

        public void setTrustMaxCertLength​(String maxLength)
      • getCertNickname

        public String getCertNickname()
      • setCertNickname

        public void setCertNickname​(String certNickname)
      • getClientAuthEnabled

        public String getClientAuthEnabled()
        Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.
      • setClientAuthEnabled

        public void setClientAuthEnabled​(String clientAuthEnabled)
      • getClientAuth

        public String getClientAuth()
        Determines whether the engine will request (want) or require (need) client authentication. Valid values: want, need, or left blank.
      • setClientAuth

        public void setClientAuth​(String clientAuth)
      • getCrlFile

        public String getCrlFile()
      • setCrlFile

        public void setCrlFile​(String crlFile)
      • getKeyAlgorithm

        public String getKeyAlgorithm()
      • setKeyAlgorithm

        public void setKeyAlgorithm​(String algorithm)
      • getKeyStoreType

        public String getKeyStoreType()
        Type of the keystore file.
      • setKeyStoreType

        public void setKeyStoreType​(String type)
      • getKeyStorePassword

        public String getKeyStorePassword()
      • setKeyStorePassword

        public void setKeyStorePassword​(String password)
      • getKeyStore

        public File getKeyStore()
      • setKeyStore

        public void setKeyStore​(String location)
      • getSsl2Ciphers

        public String getSsl2Ciphers()
        A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. If no value is specified, all supported ciphers are assumed to be enabled. NOT Used in PE
      • setSsl2Ciphers

        public void setSsl2Ciphers​(String ssl2Ciphers)
      • getSsl2Enabled

        public Boolean getSsl2Enabled()
        Determines whether SSL2 is enabled. NOT Used in PE. SSL2 is not supported by either iiop or web-services. When this element is used as a child of the iiop-listener element then the only allowed value for this attribute is "false".
      • setSsl2Enabled

        public void setSsl2Enabled​(String ssl2Enabled)
      • getSsl3Enabled

        public Boolean getSsl3Enabled()
        Determines whether SSL3 is enabled. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.
      • setSsl3Enabled

        public void setSsl3Enabled​(String ssl3Enabled)
      • getSsl3TlsCiphers

        public String getSsl3TlsCiphers()
        A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. Allowed SSL3/TLS values are those that are supported by the JVM for the given security provider and security service configuration. If no value is specified, all supported ciphers are assumed to be enabled.
      • setSsl3TlsCiphers

        public void setSsl3TlsCiphers​(String ssl3TlsCiphers)
      • getTlsEnabled

        public Boolean getTlsEnabled()
        Determines whether TLS is enabled.
      • setTlsEnabled

        public void setTlsEnabled​(String tlsEnabled)
      • getTlsRollbackEnabled

        public Boolean getTlsRollbackEnabled()
        Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. NOT Used in PE
      • setTlsRollbackEnabled

        public void setTlsRollbackEnabled​(String tlsRollBackEnabled)
      • getHstsEnabled

        public Boolean getHstsEnabled()
        Determines whether Strict Transport Security is set.
      • setHstsEnabled

        public void setHstsEnabled​(String hstsEnabled)
      • getHstsSubDomains

        public Boolean getHstsSubDomains()
      • setHstsSubDomains

        public void setHstsSubDomains​(Boolean hstsSubDomains)
      • getHstsPreload

        public Boolean getHstsPreload()
      • setHstsPreload

        public void setHstsPreload​(Boolean hstsPreload)
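
The `+`/`-` prefixed, comma-separated cipher list described under getSsl3TlsCiphers can be checked before it is passed to setSsl3TlsCiphers. The following is an added example, not code from this class or its project: it resolves such a list against the suites the running JVM supports and marks weak ones. The class name `CipherListCheck`, the `WEAK` fragment list and the rule that a non-empty list enables only its `+` entries are assumptions; the page only states that an empty value means all supported ciphers are enabled.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added example, not the project's code: resolves a "+name,-name" cipher list.
public class CipherListCheck {
    // Constructed review list of name fragments commonly treated as weak.
    static final String[] WEAK = {"_RC4_", "_MD5", "_DES_", "_NULL_", "_EXPORT_", "_anon_"};

    // Assumption: a non-empty list enables only its "+" entries that the JVM supports.
    static List<String> resolve(String spec, String[] supported) {
        Set<String> known = new LinkedHashSet<>(Arrays.asList(supported));
        if (spec == null || spec.trim().isEmpty()) {
            return new ArrayList<>(known);   // documented default: all supported
        }
        Set<String> enabled = new LinkedHashSet<>();
        for (String raw : spec.split(",")) {
            String item = raw.trim();
            if (item.length() < 2 || "+-".indexOf(item.charAt(0)) < 0) {
                throw new IllegalArgumentException("missing +/- prefix: '" + item + "'");
            }
            String name = item.substring(1);
            if (item.charAt(0) == '-') {
                enabled.remove(name);        // a later "-" cancels an earlier "+"
            } else if (known.contains(name)) {
                enabled.add(name);
            } else {
                System.err.println("ignored, not supported by this JVM: " + name);
            }
        }
        return new ArrayList<>(enabled);
    }

    static boolean isWeak(String suite) {
        for (String w : WEAK) if (suite.contains(w)) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        // Constructed sample value; the RC4 suite name is the page's own example.
        String spec = "+TLS_AES_128_GCM_SHA256,+SSL_RSA_WITH_RC4_128_MD5,-SSL_RSA_WITH_RC4_128_MD5";
        for (String s : resolve(spec, supported)) {
            System.out.println((isWeak(s) ? "WEAK " : "ok   ") + s);
        }
    }
}
```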