Class SSLUtil
- java.lang.Object
  - org.apache.qpid.server.transport.network.security.ssl.SSLUtil
-
public class SSLUtil extends Object
Nested Class Summary
Nested Classes
static interface
SSLUtil.KeyCertPair
-
Method Summary
static boolean
canGenerateCerts()
static boolean
checkHostname(String hostname, X509Certificate cert)
static SNIHostName
createSNIHostName(byte[] hostName)
static SNIHostName
createSNIHostName(String hostName)
static SSLContext
createSslContext(KeyStore keyStore, Collection<TrustStore> trustStores, String portName)
static String[]
filterEnabledCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites, List<String> cipherSuiteAllowList, List<String> cipherSuiteDenyList)
static String[]
filterEnabledProtocols(String[] enabledProtocols, String[] supportedProtocols, List<String> protocolAllowList, List<String> protocolDenyList)
static SSLUtil.KeyCertPair
generateSelfSignedCertificate(String keyAlgorithm, String signatureAlgorithm, int keyLength, long startTime, long endTime, String x500Name, Set<String> dnsNames, Set<InetAddress> addresses)
static CertificateFactory
getCertificateFactory()
static Map<String,Certificate>
getCertificates(KeyStore ks)
static String
getIdFromSubjectDN(String dn)
static KeyStore
getInitializedKeyStore(String storePath, String storePassword, String keyStoreType)
static KeyStore
getInitializedKeyStore(URL storePath, String storePassword, String keyStoreType)
static String
getServerNameFromTLSClientHello(QpidByteBuffer source)
static boolean
isSufficientToDetermineClientSNIHost(QpidByteBuffer buffer)
static X509Certificate[]
readCertificates(InputStream input)
static X509Certificate[]
readCertificates(URL certFile)
static PrivateKey
readPrivateKey(byte[] content, String algorithm)
static PrivateKey
readPrivateKey(InputStream input)
static PrivateKey
readPrivateKey(URL url)
static SSLContext
tryGetSSLContext()
static SSLContext
tryGetSSLContext(String[] protocols)
static void
updateEnabledCipherSuites(SSLEngine engine, List<String> cipherSuitesAllowList, List<String> cipherSuitesDenyList)
static void
updateEnabledCipherSuites(SSLSocket socket, List<String> cipherSuitesAllowList, List<String> cipherSuitesDenyList)
static void
updateEnabledTlsProtocols(SSLEngine engine, List<String> protocolAllowList, List<String> protocolDenyList)
static void
updateEnabledTlsProtocols(SSLSocket socket, List<String> protocolAllowList, List<String> protocolDenyList)
static void
verifyHostname(String hostnameExpected, X509Certificate cert)
static void
verifyHostname(SSLEngine engine, String hostnameExpected)
Method Detail
-
getCertificateFactory
public static CertificateFactory getCertificateFactory()
-
verifyHostname
public static void verifyHostname(String hostnameExpected, X509Certificate cert)
-
checkHostname
public static boolean checkHostname(String hostname, X509Certificate cert)
-
getInitializedKeyStore
public static KeyStore getInitializedKeyStore(String storePath, String storePassword, String keyStoreType) throws GeneralSecurityException, IOException
- Throws:
GeneralSecurityException
IOException
-
getInitializedKeyStore
public static KeyStore getInitializedKeyStore(URL storePath, String storePassword, String keyStoreType) throws GeneralSecurityException, IOException
- Throws:
GeneralSecurityException
IOException
-
readCertificates
public static X509Certificate[] readCertificates(URL certFile) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
readCertificates
public static X509Certificate[] readCertificates(InputStream input) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
readPrivateKey
public static PrivateKey readPrivateKey(URL url) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
readPrivateKey
public static PrivateKey readPrivateKey(InputStream input) throws IOException, GeneralSecurityException
- Throws:
IOException
GeneralSecurityException
-
readPrivateKey
public static PrivateKey readPrivateKey(byte[] content, String algorithm) throws NoSuchAlgorithmException, InvalidKeySpecException
-
updateEnabledTlsProtocols
public static void updateEnabledTlsProtocols(SSLEngine engine, List<String> protocolAllowList, List<String> protocolDenyList)
-
updateEnabledTlsProtocols
public static void updateEnabledTlsProtocols(SSLSocket socket, List<String> protocolAllowList, List<String> protocolDenyList)
-
filterEnabledProtocols
public static String[] filterEnabledProtocols(String[] enabledProtocols, String[] supportedProtocols, List<String> protocolAllowList, List<String> protocolDenyList)
-
filterEnabledCipherSuites
public static String[] filterEnabledCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites, List<String> cipherSuiteAllowList, List<String> cipherSuiteDenyList)
-
updateEnabledCipherSuites
public static void updateEnabledCipherSuites(SSLEngine engine, List<String> cipherSuitesAllowList, List<String> cipherSuitesDenyList)
-
updateEnabledCipherSuites
public static void updateEnabledCipherSuites(SSLSocket socket, List<String> cipherSuitesAllowList, List<String> cipherSuitesDenyList)
-
tryGetSSLContext
public static SSLContext tryGetSSLContext() throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
tryGetSSLContext
public static SSLContext tryGetSSLContext(String[] protocols) throws NoSuchAlgorithmException
- Throws:
NoSuchAlgorithmException
-
isSufficientToDetermineClientSNIHost
public static boolean isSufficientToDetermineClientSNIHost(QpidByteBuffer buffer)
-
getServerNameFromTLSClientHello
public static String getServerNameFromTLSClientHello(QpidByteBuffer source)
-
createSslContext
public static SSLContext createSslContext(KeyStore keyStore, Collection<TrustStore> trustStores, String portName)
-
canGenerateCerts
public static boolean canGenerateCerts()
-
generateSelfSignedCertificate
public static SSLUtil.KeyCertPair generateSelfSignedCertificate(String keyAlgorithm, String signatureAlgorithm, int keyLength, long startTime, long endTime, String x500Name, Set<String> dnsNames, Set<InetAddress> addresses) throws NoSuchAlgorithmException, org.bouncycastle.operator.OperatorCreationException, CertificateException, org.bouncycastle.cert.CertIOException
- Throws:
NoSuchAlgorithmException
org.bouncycastle.operator.OperatorCreationException
CertificateException
org.bouncycastle.cert.CertIOException
-
getCertificates
public static Map<String,Certificate> getCertificates(KeyStore ks) throws KeyStoreException
- Throws:
KeyStoreException
-
createSNIHostName
public static SNIHostName createSNIHostName(String hostName)
-
createSNIHostName
public static SNIHostName createSNIHostName(byte[] hostName)