Class SSLParams

java.lang.Object
  org.glassfish.admin.mbeanserver.ssl.SSLParams

public class SSLParams extends Object

This class is a config holder for configuring SSL sockets. It comes with a set of defaults, as defined below:

- TrustAlgorithm = SunX509
- keystore type = JKS
- truststore type = JKS
- protocol = TLS
- ssl3 Enabled = true
- tls Enabled = true

It also picks up the values of the keystore, keystore password, truststore and truststore password from system properties.

Usage: This class can be used in any environment where one wants to pass in SSL defaults programmatically, as well as use a default set of configuration without setting values explicitly.

Author: [email protected]

Method Summary
All Methods / Instance Methods / Concrete Methods

| Modifier and Type | Method | Description |
|---|---|---|
| String | getCertNickname() | |
| String | getClientAuth() | Determines if the engine will request (want) or require (need) client authentication. |
| String | getClientAuthEnabled() | Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control. |
| String | getCrlFile() | |
| String[] | getEnabledCiphers() | |
| String[] | getEnabledProtocols() | |
| Boolean | getHstsEnabled() | Determines whether Strict Transport Security is set |
| Boolean | getHstsPreload() | |
| Boolean | getHstsSubDomains() | |
| String | getKeyAlgorithm() | |
| File | getKeyStore() | |
| String | getKeyStorePassword() | |
| String | getKeyStoreType() | type of the keystore file |
| String | getProtocol() | |
| String | getSsl2Ciphers() | A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. |
| Boolean | getSsl2Enabled() | Determines whether SSL2 is enabled. |
| Boolean | getSsl3Enabled() | Determines whether SSL3 is enabled. |
| String | getSsl3TlsCiphers() | A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. |
| Boolean | getTlsEnabled() | Determines whether TLS is enabled. |
| Boolean | getTlsRollbackEnabled() | Determines whether TLS rollback is enabled. |
| String | getTrustAlgorithm() | |
| File | getTrustStore() | |
| String | getTrustStorePassword() | |
| String | getTrustStoreType() | |
| void | setCertNickname(String certNickname) | |
| void | setClientAuth(String clientAuth) | |
| void | setClientAuthEnabled(String clientAuthEnabled) | |
| void | setCrlFile(String crlFile) | |
| void | setEnabledCiphers(String[] enabledCiphers) | |
| void | setEnabledProtocols(String[] enabledProtocols) | |
| void | setHstsEnabled(String hstsEnabled) | |
| void | setHstsPreload(Boolean hstsPreload) | |
| void | setHstsSubDomains(Boolean hstsSubDomains) | |
| void | setKeyAlgorithm(String algorithm) | |
| void | setKeyStore(String location) | |
| void | setKeyStorePassword(String password) | |
| void | setKeyStoreType(String type) | |
| void | setProtocol(String protocol) | |
| void | setSsl2Ciphers(String ssl2Ciphers) | |
| void | setSsl2Enabled(String ssl2Enabled) | |
| void | setSsl3Enabled(String ssl3Enabled) | |
| void | setSsl3TlsCiphers(String ssl3TlsCiphers) | |
| void | setTlsEnabled(String tlsEnabled) | |
| void | setTlsRollbackEnabled(String tlsRollBackEnabled) | |
| void | setTrustAlgorithm(String algorithm) | |
| void | setTrustMaxCertLength(String maxLength) | |

Method Detail
-
getTrustStore
public File getTrustStore()
-
getTrustStorePassword
public String getTrustStorePassword()
-
getTrustStoreType
public String getTrustStoreType()
-
getTrustAlgorithm
public String getTrustAlgorithm()
-
setTrustAlgorithm
public void setTrustAlgorithm(String algorithm)
-
getEnabledCiphers
public String[] getEnabledCiphers()
-
setEnabledCiphers
public void setEnabledCiphers(String[] enabledCiphers)
-
getEnabledProtocols
public String[] getEnabledProtocols()
-
setEnabledProtocols
public void setEnabledProtocols(String[] enabledProtocols)
-
getProtocol
public String getProtocol()
-
setProtocol
public void setProtocol(String protocol)
-
setTrustMaxCertLength
public void setTrustMaxCertLength(String maxLength)
-
getCertNickname
public String getCertNickname()
-
setCertNickname
public void setCertNickname(String certNickname)
-
getClientAuthEnabled
public String getClientAuthEnabled()
Determines whether SSL3 client authentication is performed on every request, independent of ACL-based access control.
-
setClientAuthEnabled
public void setClientAuthEnabled(String clientAuthEnabled)
-
getClientAuth
public String getClientAuth()
Determines if the engine will request (want) or require (need) client authentication. Valid values: want, need, or left blank
-
setClientAuth
public void setClientAuth(String clientAuth)
-
getCrlFile
public String getCrlFile()
-
setCrlFile
public void setCrlFile(String crlFile)
-
getKeyAlgorithm
public String getKeyAlgorithm()
-
setKeyAlgorithm
public void setKeyAlgorithm(String algorithm)
-
getKeyStoreType
public String getKeyStoreType()
type of the keystore file
-
setKeyStoreType
public void setKeyStoreType(String type)
-
getKeyStorePassword
public String getKeyStorePassword()
-
setKeyStorePassword
public void setKeyStorePassword(String password)
-
getKeyStore
public File getKeyStore()
-
setKeyStore
public void setKeyStore(String location)
-
getSsl2Ciphers
public String getSsl2Ciphers()
A comma-separated list of the SSL2 ciphers used, with the prefix + to enable or - to disable, for example +rc4. Allowed values are rc4, rc4export, rc2, rc2export, idea, des, desede3. If no value is specified, all supported ciphers are assumed to be enabled. NOT Used in PE
-
setSsl2Ciphers
public void setSsl2Ciphers(String ssl2Ciphers)
-
getSsl2Enabled
public Boolean getSsl2Enabled()
Determines whether SSL2 is enabled. NOT Used in PE. SSL2 is not supported by either iiop or web-services. When this element is used as a child of the iiop-listener element then the only allowed value for this attribute is "false".
-
setSsl2Enabled
public void setSsl2Enabled(String ssl2Enabled)
-
getSsl3Enabled
public Boolean getSsl3Enabled()
Determines whether SSL3 is enabled. If both SSL2 and SSL3 are enabled for a virtual server, the server tries SSL3 encryption first. If that fails, the server tries SSL2 encryption.
-
setSsl3Enabled
public void setSsl3Enabled(String ssl3Enabled)
-
getSsl3TlsCiphers
public String getSsl3TlsCiphers()
A comma-separated list of the SSL3 ciphers used, with the prefix + to enable or - to disable, for example +SSL_RSA_WITH_RC4_128_MD5. Allowed SSL3/TLS values are those that are supported by the JVM for the given security provider and security service configuration. If no value is specified, all supported ciphers are assumed to be enabled.
-
setSsl3TlsCiphers
public void setSsl3TlsCiphers(String ssl3TlsCiphers)
-
getTlsEnabled
public Boolean getTlsEnabled()
Determines whether TLS is enabled.
-
setTlsEnabled
public void setTlsEnabled(String tlsEnabled)
-
getTlsRollbackEnabled
public Boolean getTlsRollbackEnabled()
Determines whether TLS rollback is enabled. TLS rollback should be enabled for Microsoft Internet Explorer 5.0 and 5.5. NOT Used in PE
-
setTlsRollbackEnabled
public void setTlsRollbackEnabled(String tlsRollBackEnabled)
-
getHstsEnabled
public Boolean getHstsEnabled()
Determines whether Strict Transport Security is set
-
setHstsEnabled
public void setHstsEnabled(String hstsEnabled)
-
getHstsSubDomains
public Boolean getHstsSubDomains()
-
setHstsSubDomains
public void setHstsSubDomains(Boolean hstsSubDomains)
-
getHstsPreload
public Boolean getHstsPreload()
-
setHstsPreload
public void setHstsPreload(Boolean hstsPreload)
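
Added example, not part of the GlassFish Javadoc or code base: a small audit of the "+cipher,-cipher" list format described for getSsl2Ciphers() and getSsl3TlsCiphers(), reporting which enabled entries are legacy ciphers. The class name CipherListAudit, the method weakEnabled, the WEAK_MARKERS list and the handling of entries without a +/- prefix are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

/** Added example (not GlassFish code): audits a "+cipher,-cipher" list. */
public class CipherListAudit {
    // Substrings treated as weak here (an assumption, not a GlassFish list).
    private static final String[] WEAK_MARKERS =
            {"RC4", "RC2", "DES", "MD5", "NULL", "EXPORT", "ANON", "IDEA"};

    /** Returns the entries enabled with "+" whose name contains a weak marker. */
    public static List<String> weakEnabled(String cipherList) {
        List<String> findings = new ArrayList<>();
        if (cipherList == null || cipherList.trim().isEmpty()) {
            // Per the page: no value means all supported ciphers are assumed enabled.
            findings.add("<empty list: all supported ciphers enabled>");
            return findings;
        }
        for (String token : cipherList.split(",")) {
            String t = token.trim();
            if (t.isEmpty()) continue;
            char prefix = t.charAt(0);
            if (prefix != '+' && prefix != '-') {
                // Assumption: an entry without a prefix is reported, not guessed at.
                findings.add("<malformed entry: " + t + ">");
                continue;
            }
            if (prefix == '-') continue;   // explicitly disabled, nothing to report
            String name = t.substring(1).trim();
            String upper = name.toUpperCase(Locale.ROOT);
            for (String marker : WEAK_MARKERS) {
                if (upper.contains(marker)) {
                    findings.add(name);
                    break;
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample values in the format the page describes.
        String ssl3Tls = "+SSL_RSA_WITH_RC4_128_MD5,-SSL_RSA_WITH_3DES_EDE_CBC_SHA,"
                + "+TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
        System.out.println(weakEnabled(ssl3Tls));
        System.out.println(weakEnabled("+rc4,-des,+desede3"));
        System.out.println(weakEnabled(""));
    }
}
```

The empty-string case matters most in review: a configuration that never sets the cipher list falls back to every cipher the JVM provider supports.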